On Friday, in a response to the security hole in several versions of Internet Explorer (IE), the German Federal Office for Information Security recommended that Internet Explorer users should switch to an alternative browser until a patch for IE has been made available. At the same time the exploit, code-named "Aurora", has appeared as public code on several mailing lists. The Metasploit team have already created a module that implements the exploit in the exploit framework.
The BSI says that while running Internet Explorer in "protected mode" and disabling the Active Scripting feature makes attacks less likely to succeed, it doesn't prevent them completely. According to earlier reports, the hole in IE versions 6, 7 and 8 was exploited for a targeted attack against Google, Adobe and numerous other US firms and is believed to have been launched by Chinese cyber spies. The hole, which has now been officially confirmed by Microsoft, allows attackers to inject and execute code on a Windows computer via specially crafted web pages. The attackers reportedly took advantage of this to inject a trojan downloader into compromised computers.
The downloader then proceeded to retrieve further modules, including a back door that gave the attackers remote access to the computer over an SSL-encrypted connection. The links to the crafted web pages must have been sent in emails to selected employees of the targeted firms. Microsoft say they are working on a patch and may even release it as an out-of-cycle "emergency patch".
ANNOUNCEMENT : ALL OF ROYAL MAIL'S EMPLOYMENT POLICIES (AGREEMENTS) AT A GLANCE (Updated 2021)... HERE
ANNOUNCEMENT : PLEASE BE AWARE WE ARE NOT ON FACEBOOK AT ALL!
Warning over using Internet Explorer from German Government
-
TrueBlueTerrier
- FORUM ADMINISTRATOR
- Posts: 71682
- Joined: 30 Dec 2006, 10:29
- Gender: Male
- Location: On my couch
Warning over using Internet Explorer from German Government
All post by me in Green are Admin Posts.May use chatgp to generate posts
Any post in any other colour is my own responsibility.
If you like a news story I posted please click the link to show support
Any news stories you can't post - PM me with a link
Retired
Any post in any other colour is my own responsibility.
If you like a news story I posted please click the link to show support
Any news stories you can't post - PM me with a link
Retired
-
TrueBlueTerrier
- FORUM ADMINISTRATOR
- Posts: 71682
- Joined: 30 Dec 2006, 10:29
- Gender: Male
- Location: On my couch
Re: Warning over using Internet Explorer from German Government
Microsoft Confirms Internet Explorer Vulnerability [Security] http://www.ghacks.net/2010/01/16/micros ... -security/" onclick="window.open(this.href);return false;
Microsoft has confirmed a vulnerability in several Internet Explorer versions which has supposedly been used in the Chinese attack against Google and other companies. The vulnerability exists in Internet Explorer 6, Internet Explorer 7 and Internet Explorer 8 but the attacks seem to have been only targeting Internet Explorer 6 systems according to information posted in the vulnerability description at the Microsoft website.
The vulnerability exists as an invalid pointer reference within Internet Explorer. It is possible under certain conditions for the invalid pointer to be accessed after an object is deleted. In a specially-crafted attack, in attempting to access a freed object, Internet Explorer can be caused to allow remote code execution.
Microsoft is currently working on a patch to fix the vulnerability with the likelihood that the patch will be released out of their usual patch cycle as an emergency patch.
The patch confirmation page lists several mitigating factors but the safest option right now is to switch to a different web browser at least for as long as no patch is provided to protect the computer system from the vulnerability.
Microsoft has confirmed a vulnerability in several Internet Explorer versions which has supposedly been used in the Chinese attack against Google and other companies. The vulnerability exists in Internet Explorer 6, Internet Explorer 7 and Internet Explorer 8 but the attacks seem to have been only targeting Internet Explorer 6 systems according to information posted in the vulnerability description at the Microsoft website.
The vulnerability exists as an invalid pointer reference within Internet Explorer. It is possible under certain conditions for the invalid pointer to be accessed after an object is deleted. In a specially-crafted attack, in attempting to access a freed object, Internet Explorer can be caused to allow remote code execution.
Microsoft is currently working on a patch to fix the vulnerability with the likelihood that the patch will be released out of their usual patch cycle as an emergency patch.
The patch confirmation page lists several mitigating factors but the safest option right now is to switch to a different web browser at least for as long as no patch is provided to protect the computer system from the vulnerability.
All post by me in Green are Admin Posts.May use chatgp to generate posts
Any post in any other colour is my own responsibility.
If you like a news story I posted please click the link to show support
Any news stories you can't post - PM me with a link
Retired
Any post in any other colour is my own responsibility.
If you like a news story I posted please click the link to show support
Any news stories you can't post - PM me with a link
Retired
-
norbert
- Posts: 3027
- Joined: 15 Jan 2008, 01:46
Re: Warning over using Internet Explorer from German Government
http://www.netmag.co.uk/zine/discover-c ... ime-on-ie6" onclick="window.open(this.href);return false;
" Lawson adds that for a large chunk of the market, even when someone wants to replace IE6, it isn’t always possible: “Lots of people using IE6 can’t choose an alternative, because they’re on corporate desktops or using older computers. Given the economic climate, few firms will feel like jettisoning a fleet of Windows 2000 desktops that can’t run IE7 or 8."
http://forabeautifulweb.com/blog/about/ ... se_of_ie6/" onclick="window.open(this.href);return false;
" Lawson adds that for a large chunk of the market, even when someone wants to replace IE6, it isn’t always possible: “Lots of people using IE6 can’t choose an alternative, because they’re on corporate desktops or using older computers. Given the economic climate, few firms will feel like jettisoning a fleet of Windows 2000 desktops that can’t run IE7 or 8."
http://forabeautifulweb.com/blog/about/ ... se_of_ie6/" onclick="window.open(this.href);return false;
-
DGP1
- Posts: 15551
- Joined: 07 Jun 2007, 20:39
- Gender: Male
- Location: Terminus
Re: Warning over using Internet Explorer from German Government
I stopped using IE a few years ago and migrated to Firefox and TBH if I could dump Windows and find a decent Linux clone to use then I would do that too.
I'm preparing myself for the zombie invasion, rule number 1 - Cardio
-
norbert
- Posts: 3027
- Joined: 15 Jan 2008, 01:46
Re: Warning over using Internet Explorer from German Government
if I could dump Windows and find a decent Linux clone to use then I would do that too.[/quote DGP]
http://www.linux-xp.com/desktop/" onclick="window.open(this.href);return false; It's Fedora made to look like XP apparently
http://cgi.ebay.co.uk/Linux-XP-Pro-2009 ... 375wt_1167" onclick="window.open(this.href);return false;
http://computers.shop.ebay.co.uk/?_from ... acat=58058" onclick="window.open(this.href);return false;
The M£crosoft CEO http://www.youtube.com/watch?v=wvsboPUjrGc" onclick="window.open(this.href);return false;
http://www.youtube.com/watch?v=_-8IufkbuD0" onclick="window.open(this.href);return false;
http://www.linux-xp.com/desktop/" onclick="window.open(this.href);return false; It's Fedora made to look like XP apparently
http://cgi.ebay.co.uk/Linux-XP-Pro-2009 ... 375wt_1167" onclick="window.open(this.href);return false;
http://computers.shop.ebay.co.uk/?_from ... acat=58058" onclick="window.open(this.href);return false;
The M£crosoft CEO http://www.youtube.com/watch?v=wvsboPUjrGc" onclick="window.open(this.href);return false;
http://www.youtube.com/watch?v=_-8IufkbuD0" onclick="window.open(this.href);return false;
You do not have the required permissions to view the files attached to this post.