Another Week Goes by and Internet Explorer Users Still Ripe for Hijacking

Dr. Roy Schestowitz

2009-11-29 15:44:14 UTC
Modified: 2009-11-29 15:44:14 UTC

Summary: Microsoft leaves Internet Explorer users high and dry for weeks, having not addressed a zero-day flaw that compromises the entire operating system

LAST week we wrote about the Internet Explorer zero-day flaw -- a flaw which Microsoft has not resolved yet. IDG writes:

Hackers working on the open-source Metasploit project have spiffed up a zero-day attack on Microsoft's Internet Explorer, making it more reliable -- and more likely to be used by criminals.

Security experts have been worried about the flaw since it was first disclosed on the Bugtraq mailing list Friday. But the original demonstration code was unreliable and has not been used in real-world attacks.

But then came this IDG report, an advisory (not the same as patch), and SJVN wrote:

Earlier this week Microsoft announced yet another IE (Internet Explorer) bug. This one, Microsoft Security Advisory 977981, is one of the really bad ones that can allow attackers to take your Windows PC over. Yuck!

[...]

I think your best move to keep the world from sneaking in some malware over your browser is to get the latest versions of Firefox 3.5.5 or Google's Chrome 3.0.x Web browser. Neither is perfect, but they are better than IE. I wish I could recommend Opera, but I continue to have real concerns about Opera's built-in Web server security.

Indeed, this is an opportunity to recommend that people secure themselves by moving to another Web browser. Microsoft Thurrott does Microsoft's "damage control", having previously incited people against rival Web browsers like Opera. Other coverage includes:

● Exploit code targets Internet Explorer zero-day display flaw

● New Security Flaw Hits Internet Explorer 6 & 7

● New attack targets weakness in Internet Explorer

● Microsoft Issues Internet Explorer Security Advisory

This is pretty serious.

Microsoft on Monday said it is investigating a possible vulnerability in Internet Explorer after exploit code that allegedly can be used to take control of computers, if they visit a Web site hosting the code, was posted to a security mailing list.

No report about a patch has been published yet. So, a good solution would be abandonment of Internet Explorer. ⬆

Smelling an opportunity

Recent Techrights' Posts

United States Entering the $100 Trillion Debt Trap, We Compare GAFAM Debt: Google's debt is about 6 times less than Amazon's
Software Freedom Conservancy (SFC), Inc. vs. Vizio, Inc. Is Costing the Free Software Foundation Money: FSF subpoena and deposition
They Try to Replace the Creators of GNU/Linux and Hijack Their Word, Work, and Reputation: gnu.org is down at the moment; now I'm told it's back but very slow. DDoS?
Links 05/05/2024: Political Cyberattacks From Russia and Google Getting a Lot Worse: Links for the day
Links 06/05/2024: Scams and Politics: Links for the day
Gemini Links 06/05/2024: Reading and Computers: Links for the day
GitLab's Losses Grew From $172,311,000 to $424,174,000 Per Annum: Letting this company have control over your (or your company's) development/code forge may cost you a lot in the future
statCounter's Latest: Android Bouncing to New All-Time Highs, Windows Down to Unprecedented Lows: Android rising
Can't Bear the Thought We're Happy and Productive: If someone is now harassing online friends, attacking the wife, attacking my family (not just attacking and defaming people I know online) there are legal ramifications
On Character Assassination Tactics: The people who leverage these dirty politics typically champion projection tactics
IRC Proceedings: Sunday, May 05, 2024: IRC logs for Sunday, May 05, 2024
Over at Tux Machines...: GNU/Linux news for the past day
Erinn Clark & Debian: Justice or another Open Source vendetta?: Reprinted with permission from disguised.work
Death of Michael Anthony Bordlee, New Orleans, Louisiana: Reprinted with permission from disguised.work
The Revolution Continues: Today we've published over 20 pages and tomorrow we expect more or less the same
Death of Dr Alex Blewitt, UK: Reprinted with permission from disguised.work
Following the Herd (or HURD): Society advances owing to people who think differently and promote positive change, not corporate shills
Thiemo Seufer & Debian deaths: examining accidents and suicides: Reprinted with permission from disguised.work
Gemini Links 05/05/2024: Infobesity and Profectus Beta 1.0: Links for the day
Running This Site Mostly a Joyful Activity: The real problem or the thing that we need to cancel is this "Cancel Culture"
Australia Has Finally Joined the "4% Club" (ChromeOS+GNU/Linux): statCounter stats
Debian as a Hazardous Workplace Where No Accountability Exists (Nor Salaries): systematic exploitation of skilled developers by free 'riders' (or freeloaders) like Google, IBM, and Microsoft
Clownflare Isn't Free and Its CEO Openly Boasted They'd Start Charging Everyone to Offset the Considerable Losses (It's a Trap, It's Just Bait): Clownflare has collapsed
Apple Delivered Very Disappointing Results, Said It Would Buy Its Own Shares (Nobody Will Check This), Company's Debt Now Exceeds Its Monetary Assets: US debt is now 99.98 trillion dollars
FSFE Still Boasts About Working Underage People for No Pay: without even paying them
IRC Proceedings: Saturday, May 04, 2024: IRC logs for Saturday, May 04, 2024
Over at Tux Machines...: GNU/Linux news for the past day
The Persecution of Richard Stallman: WebM version of a new video
Molly de Blanc has been terminated, Magdalen Berns' knockout punch and the Wizard of Oz: Reprinted with permission from disguised.work
[Meme] IBM's Idea of Sharing (to IBM): the so-called founder of IBM worshiped and saluted Adolf Hitler himself
Neil McGovern & Debian: GNOME and Mollygate: Reprinted with permission from disguised.work
[Meme] People Who Don't Write Code Demanding the Removal of Those Who Do: She has blue hair and she sleeps with the Debian Project Leader
Jaminy Prabaharan & Debian: the GSoC admin who failed GSoC: Reprinted with permission from disguised.work
Jonathan Carter, Matthew Miller & Debian, Fedora: Community, Cult, Fraud: Reprinted with permission from disguised.work
Techrights This May: We strive to keep it lean and fast
Links 04/05/2024: Attacks on Workers and the Press: Links for the day
Gemini Links 04/05/2024: Abstractions in Development Considered Harmful: Links for the day
Links 04/05/2024: Tesla a "Tech-Bubble", YouTube Ads When Pausing: Links for the day
Free Software Community/Volunteers Aren't Circus Animals of GAFAM, IBM, Canonical and So On...: Playing with people's lives for capital gain or "entertainment" isn't acceptable
[Meme] The Cancer Culture: Mission accomplished?
Germany Transitioning to GNU/Linux: Why aren't more German federal states following the footsteps of Schleswig-Holstein?
IRC Proceedings: Friday, May 03, 2024: IRC logs for Friday, May 03, 2024
Over at Tux Machines...: GNU/Linux news for the past day
Alexander Wirt, Bucha executions & Debian political prisoners: Reprinted with permission from disguised.work
Links 03/05/2024: Clownflare Collapses and China Deploys Homegrown Aircraft Carrier: Links for the day
IBM's Decision to Acquire HashiCorp is Bad News for Red Hat: IBM acquired functionality that it had already acquired before
Apparently Mass Layoffs at Microsoft Again (Late Friday), Meaning Mass Layoffs Every Month This Year Including May: not familiar with the source site though