Greg Johnston, tech columnist
For those still using Microsoft Internet Explorer version 6 or 7, warnings were issued this week concerning a serious security flaw already circulating on the Internet that can allow a remote attacker to take full control of a Windows XP or Vista computer. The current version of Internet Explorer (IE) is 8, but I do still see a fair number of PCs still using IE 6 or 7, so readers may at least want to check what version they are using.
Symantec verified the existence of the issue on November 21st, in a bulletin identifying the early form of the vulnerability. The issue exists in how IE 6 & 7 handle Cascading Style Sheets, a widely used element in web pages that allows control over the presentation – fonts, layout, colours, for example, of web pages, separate from the content. The issue has subsequently been confirmed by Microsoft on the 23rd.
Using specially crafted content on a rigged webpage, the visiting computer can be left open to running arbitrary code – meaning the exploit leaves the system open to run software of the attacker’s choice. This is the case even if the computer is fully patched.
If you are running IE7 on Vista in Protected Mode (which is the default setting), the impact of the vulnerability is limited, but in XP, no such option exists, and most XP users run as administrative users in non-corporate settings, which increases the risk of an attacker gaining a high level of access to the affected computer.
While Microsoft suggests disabling Active Scripting as a workaround, but given that many websites use Active Scripting for content such as forms, menus, or account information on banking sites, users are going to be frustrated quickly if they do this.
A better choice is just to give in to the prompts that should have been coming for months via Windows Update. If you’ve been resisting upgrading to IE8 because you prefer the traditional interface of IE6, or just resist advice from Microsoft, try using Mozilla Firefox, Opera, or Apple’s Safari as alternative web browsers.
If you are uncertain of which version of Internet Explorer you are using, start your browser, then go to the Help menu and select “About Internet Explorer”
Greg Johnston
greg@infotrek.ca
www.infotrek.ca
http://www.symantec.com/connect/blogs/zero-day-internet-explorer-exploit-published
http://www.microsoft.com/technet/security/advisory/977981.mspx
Related posts:
- WINDOWS PROBLEMS (AND COMPUTERS GENERALLY): DON'T PANIC – PART 1 Greg Johnston, tech columnist For readers who may be unfamiliar...
- COMPUTER SECURITIY "SOAP OPERA" OVER WINDOWS 7 VULNERABILITY Greg Johnston, tech columnist Microsoft acknowledged earlier this week that...
- WHY YOU SHOULD DISABLE WINDOWS AUTORUN – HERE'S HOW TO DO IT Greg Johnston, tech columnist Windows 7 has been out for...
- COMPUTER SECURITY PROBLEMS: IT'S NOT JUST WINDOWS Greg Johnston, tech columnist Today, I’m going to alert readers...
- WINDOWS 7 – VISTA FIXED? Greg Johnston, tech columnist Last week, Apple released their latest...
Related posts brought to you by Yet Another Related Posts Plugin.
One Response to “HEADS UP FOR INTERNET 6 AND 7 USERS”
Trackbacks/Pingbacks
[...] PR move from Microsoft appears to be this damage control over IE6 [1, 2, 3]. Microsoft recently refused to just kill IE6, which causes a lot of trouble and distress to [...]