March 9, 2010

Microsoft issued two security patches today to plug important security holes in its Windows operating system and Office software. The software giant also warned that it is aware of hackers exploiting yet another unpatched security flaw in older versions of its Internet Explorer Web browser.

Microsoft said it is investigating public reports that hackers have worked out how to exploit a previously unknown security hole in IE versions 6 and 7 as a vehicle for installing malicious software. Redmond says it is only seeing this flaw being used in “targeted” attacks at this point, but of course these types of pinprick attacks on unpatched vulnerabilities in IE often precede their much wider exploitation by the criminal hacking community.

If you depend on IE for browsing the Web, upgrade to IE8 if possible. Otherwise, consider switching to an alternative browser, particularly something like Firefox with an add-on that blocks scripts by default, such as NoScript or RequestPolicy. Yes, these add-ons take a bit of getting used to, but from where I sit, allowing JavaScript and Flash to load unrestricted as you browse the web is simply unsafe on today’s Internet.

One of the updates Microsoft released today fixes a problem with the Windows Movie Maker application as shipped on Windows XP and Vista. The second patch fixes at least seven vulnerabilities in Microsoft Excel that Microsoft said are present in all supported versions of Microsoft Office, including Mac Office 2004 and 2008.

Updates (including IE8) are available through the Microsoft Update Web site, or via Automatic Update.


8 thoughts on “Microsoft Warns of Internet Explorer 0day”

  1. Michael

    Re. “Firefox with an add-on that blocks scripts by default, such as Noscript or Request Policy,” RP does not block scripts. For example, if you go to voices.washingtonpost.com/securityfix with Firefox+RP and Strictness=Full_Domain, the blog won’t display because it’s stored in media.washingtonpost.com and RP blocks access to it but everything on voices.washingtonpost.com, including scripts, will run. If you go there with Firefox+NS+RP, then no scripts will run and the blog won’t display (until you allow it). With RP, have never had any need to install AdBlock either.

  2. xAdmin

    Sorry for off topic. It says 7 comments, but I only see one. I’ve also experienced in the past where some comments were not visible until I clicked “reply” to an existing comment. Odd.

    1. Michael

      I could be wrong but think the software’s counting the # of times “Reply” is clicked. If people then decided not to comment and closed the page, the # shown will exceed the actual # of comments. It should really be counting the # of times “submit comment” is clicked.

  3. OhioMC

    Unless required by corporate systems, I use Firefox with NoScript & RequestPolicy among other add-ons. I feel less secure doing that than I used to. I feel (but don’t know) that the odds of getting nailed by a known website that you allow to run scripts have gone up, but at least you don’t get screwed by a stranger.

    If you don’t think this is much value…you will be fascinated to watch add-ons like Request Policy and Ghostery.

    Just by watching these 2 add-ons one can learn a lot about how a company runs its website and who it’s hopped in the sack with – just troll some blogs and both add-ons will light up with an unbelievable number of third-party domains trying to access your system.

  4. JBV

    Any problems with downloading this month’s patches or IE 8?

  5. Chris Anderson

    Thanks for the plug-in suggestions. I’ve been running without allowing scripts for a long time, but it means I miss a lot of good content. Now I can control scripts on the fly. Of all my feeds, this is the best.

  6. Zachary Evans

    Internet Explorer 8 is very good because it is as stable as Opera. I hate the previous versions of IE like IE6 because it hangs frequently.

  7. Joseph White

    Internet Explorer 8 has been my most used browser this year, it is definitely stable and fast loading too.
