IE7 zero-day hole exposed; experts urge alternatives

updated 03:45 pm EST, Tue December 16, 2008

 

IE7 Zero-Day Exploit


A new and previously undiscovered vulnerability in Internet Explorer 7 has triggered warnings to avoid the browser, at least temporarily, until it can be fixed. The exploit, which takes advantage of the browser's data binding feature to create a memory hole, is unique to Microsoft's code and potentially dangerous because it can be used over the web. A maliciously formed website can use the exploit to steal private data or otherwise compromise the system; some benign websites have been turned hostile using the exploit and other vulnerabilities, the company says.

Over 10,000 sites have already been launched or corrupted with the security gap in mind, according to Trend Micro senior security advisor Rick Ferguson, who is among the early group of experts suggesting that users run an alternative browser until a patch is ready.

"If users can find an alternative browser, then that's good mitigation against the threat," he says.

Notably, Apple Safari, Google Chrome, Mozilla Firefox, and Opera's self-titled browser all avoid the exploit, which also affects earlier versions of Internet Explorer but is limited to systems running Windows XP, Server 2003/2008 and Vista.

Microsoft itself tries to downplay the impact and suggests the damage is relatively limited. The company's UK Windows chief John Currant argues that the exploit only affects 0.2 percent of websites at present and that switching to a competitor's browser would be a hasty reaction given the rarity of the attack.

"I cannot recommend people switch due to this one flaw," he contends.

Regardless, the company has no estimates for when it will provide the necessary fix and instead suggests that Windows XP and Vista owners run Internet Explorer 7 in Protected Mode, which sandboxes it against these types of exploits. Both Windows Server variants also run by default in an enhanced security mode that should prevent the code from running arbitrarily.


By Electronista Staff


Previous Comments

  1. Guest

    Fresh-Faced Recruit

    Joined: Nov 1999

    0

    Another one?

    Gee, yet another Explorer hole that MS is downplaying. Why don't they just throw this POS, that is Internet Exploder, away and admit they're just plain asses when it comes to writing anything that doesn't have thousands of bugs in it?


  1. testudo

    Forum Regular

    Joined: Aug 2001

    -5

    well

    If you're dumb enough to head off to nefarious and p*** web sites, you deserve to be infected/affected.


  1. cyn1c

    Fresh-Faced Recruit

    Joined: Oct 2008

    +6

    Really?

    Way to be a d***. This exploit can affect ANY website that has been hijacked. No one deserves to be infected with a virus just because they visited a website, regardless of their level of internet savvy.


  1. Alfiejr

    Fresh-Faced Recruit

    Joined: Aug 2008

    +3

    Total Piece of c***

    IE is a dog, pure and simple. it's always been vulnerable to exploits, and it always will be. no matter how many patches. this exploit is really dangerous. but the underlying code of the whole darn program is hopeless, because the legacy code of Windows/NT is hopeless, security wise. until MS writes a whole new kernel (and browser) from the ground up, it's going to be playing whack-a-virus-mole for the rest of eternity.


  1. ehoppe

    Fresh-Faced Recruit

    Joined: Jul 2008

    +2

    Confused

    You know, I don't understand how browsers that expose their users to significant risk retain such large market shares. I've been using Opera for a long time and I have yet to question my security while browsing.


