Major Internet Explorer Security Flaw Discovered
A newly-discovered flaw in Microsoft's popular Internet Explorer (IE) web browser could allow hackers to take control of a Windows-based computer. The Redmond, Washington-based firm has acknowledged that the problem exists and that it affects older versions of IE.
The firm has also released a temporary fix for the problem.
Microsoft Advises: Avoid Suspicious Links
"Microsoft is aware of targeted attacks that attempt to exploit this vulnerability through Internet Explorer 8," Microsoft said in a security advisory issued on Sunday, December 30, 2012.
Microsoft says the remote code execution flaw exploits the way its popular browser accesses a computer's memory. The vulnerability could reportedly allow a hacker to take control of a victim's computer system if the user browses to a malicious website.
"In a web-based attack scenario, an attacker could host a website ... that is used to exploit this vulnerability," Microsoft said in the security advisory. (Source: cnet.com)
"In all cases, however, an attacker would have no way to force users to visit these websites. Instead, an attacker would have to convince users to visit the website, typically by getting them to click a link in an email message or Instant Messenger message that takes users to the attacker's website."
This is a distinction without a difference, however, because most security exploits depend on a computer somehow connecting to a source of malicious software.
It appears, in fact, that this vulnerability has already been exploited. According to reports, the flaw was recently used to attack Windows users who visited the Council on Foreign Relations website. That's a non-partisan U.S. foreign policy think tank.
Reports also indicate the Council on Foreign Relations site had been infected with malicious code since December 21, 2012.
"We can also confirm that the malicious content hosted on the website does appear to use Adobe Flash to generate a heap spray attack against Internet Explorer version 8.0 (fully patched), which was the source of the zero-day vulnerability," noted security expert Darien Kindlund.
Flaw Affects Only Older Versions of IE
Microsoft insists this particular IE flaw affects only Internet Explorer 8 and older versions of its browser. The company says users of Internet Explorer 9 and 10 need not worry about this issue.
Microsoft has recently issued a temporary workaround for the problem in lieu of a full-fledged patch. If you use an older version of Internet Explorer, click here to visit Microsoft.com and learn more about the fix and how to obtain it. (Source: venturebeat.com)
Free guide: Windows 8 Cheat Sheet: Touch and Mouse Gestures. Windows 8 brings a revolutionary way to use your mouse, touchpad, and touchscreen using 'gestures'. If you're new to gestures, you'll most certainly find them confusing - especially if you don't mean to invoke a gesture in the first place! That said, gestures are widely used on mobile and touch-based devices, and the technology is here to stay. Gestures can be a huge time-saver (similar to keyboard shortcuts) once you understand how to use them. For example, you can use gestures to move objects from one location to the next, zoom in, zoom out, enter passwords, and similar. This Windows 8 gesture cheat sheet is designed to make your life easier by demonstrating and explaining the basics. Print, share, and enjoy! Click here to download this guide now! Note: this guide is free, but registration is required; after that, you can select more ebooks and videos for download without registering again. If you have questions / problems with the registration form, please read this.