Microsoft warns on browser bugs

Steve

Guest
Just a heads up for any members still using IE, not that there is anything you can do about it until April 11th :dizzy:

Microsoft has urged users to be wary as three newly discovered bugs leave people open to attack while using the net. All three bugs affect the software firm's Internet Explorer browser.

Security firms said the vulnerabilities were already being targeted by malicious hackers keen to catch out unsuspecting users.

Microsoft said it would produce patches for the vulnerabilities in its next security update due on 11 April.

Attack vector

The first of the problems discovered in Internet Explorer will simply make the browser program crash if it is used to visit a specially crafted webpage.

The other two vulnerabilities are potentially more serious because they can be used to take control of a victim's computer.

Already, said security firms, specially written websites and hijacked servers were being used to host the malicious code that uses the loopholes to invade vulnerable machines.

In security bulletins about the trio of bugs, Microsoft played down the threat and said: "The attacks are limited in scope for now".

Microsoft usually issues security updates on the second Tuesday of every month and its security team is working towards this date, 11 April, to produce patches for the bugs. However, it said the patches would be released earlier if the threat grew significantly.

Those using the patched versions of IE bundled with Windows 2000, Windows XP and Windows Server 2003 are vulnerable to these bugs. People trying out the Beta 2 version of Internet Explorer 7 are safe.

To avoid falling victim, Microsoft urged users to avoid websites they did not trust and to refrain from opening attachments on e-mail messages from unknown senders.

Another reason to try Firefox or Opera ;)
 
Steve said:
Just a heads up for any members still using IE, not that there is anything you can do about it until April 11th :dizzy:



Another reason to try Firefox or Opera ;)

Or IE7 beta ;)

Seriously though, other than flaky FTP integration in Firefox (workaround is to use a 3rd party product) ... I can't think of a good reason for anyone to be using IE anymore.

www.mozilla.org

Still, once OSX is installed on everyone's machines by default instead and we're all using Safari as a browser, I'll be much happier :D
 
Microsoft can't get their full products to run bug free and comply with industry agreed standards, that doesn't give me much confidence in their beta attempts ;)

I’ll stick to Firefox for now, thanks :)
 
I'm running IE7 beta 2 and it's pretty good; it seems to be working OK and the bug reporting system is very good. I've posted 2 that I have found, and both times the bug has been replied to by an employee working on the software with an explanation of what's occurring and why. The trouble with high-use software is that malicious hackers will always try and beat it, and that is now true as much of Firefox as IE; security holes are being found in that now too.
 
The difference being that Firefox is a compliant browser, supported by many people who don't only update it every 2nd week according to their schedules.

It may be drawing attention now but it is still more secure and has fewer security issues reported. ;)
 
MS do normally rush out security fixes if it's urgent; for some reason these ones don't seem to be of much interest to them.
 
Slackers ;)

They are too busy panicking over the much delayed Vista :D
 
I tried getting the beta of Vista but it's closed off now, will have to buy it!

That's right Chris (welcome, btw), anything successful gets pulled down, be it by mischievous hackers or corporate games; success breeds contempt!
 
It does annoy me when MS get slagged off. I'm no real MS fan but they have advanced the PC desktop (regardless of who thought up the ideas initially) way farther than they would have otherwise.

I realise that if MS hadn't done it someone else probably would have, but I'd rather be using XP and Word than the Linux stuff I have to struggle with at work every day. For example, I shouldn't have to know soooo much about sound cards just to get MP3s playing!

Just my 2p.
 
I am not against MS, just IE. My recent experiences with web design have given me just reason to hate it with a passion. Just because they are a massive company doesn't mean that they shouldn't play along to agreed browser standards; it is just plain pointless and shows their arrogance IMO.
 
Mr THX said:
How do you get your Windows updates then ??

Set Windows to automatically check and download updates, then manually authorise/install them at a convenient time :)

Works great for me here. :thumb:
 
Found to my annoyance that there were too many times I'd go to get an update off one of the MS sites and it would knock you back. Especially if needing a MS Office download. :(
 
Steve said:
I am not against MS, just IE. My recent experiences with web design have given me just reason to hate it with a passion. Just because they are a massive company doesn't mean that they shouldn't play along to agreed browser standards; it is just plain pointless and shows their arrogance IMO.

I know what you mean Steve, I have a number of '#this is for IE' comments in my CSS files :D
The same was true of Netscape though, before IE really was a contender; they had their own take on what HTML and CSS should be interpreted as.

Still, I use FF and IE concurrently, FF for my main websites and IE for quick browsing. I just find IE faster to run on my old work PC.

:)
 
Just an update for anyone still taking an interest in this...

Security firms have released patches for a critical loophole in Microsoft's browser that leaves users open to attack.

The release pre-empts Microsoft which is not due to release a fix for the bug until 11 April.

The security firms said the patches were needed because hundreds of websites had been created to exploit the loophole.

But Microsoft said it did not recommend that users apply the patches.

Patch problem

In late March, three security loopholes were found in Microsoft's Internet Explorer browser by security firms.

The most serious of the three, known as the CreateTextRange bug, allowed malicious hackers to take over a PC if it was used to visit specially crafted webpages.

Now two firms, eEye Digital Security and Determina, have separately produced software patches that close this loophole. Earlier, Microsoft said it would produce a patch in time for the next scheduled Windows security update that falls on 11 April.

Marc Maiffret, eEye's co-founder and chief hacking officer, said its patch was a stop-gap prior to the official version from Microsoft. He said eEye's patch would disable itself once the official version was released and installed.

Microsoft said it could not endorse the patches or recommend that users install them as they had not been through the software giant's testing and evaluation program.

Although Microsoft has played down the threat from people exploiting this loophole, others have found hundreds of websites built to take advantage of the bug in the IE web browser.

Websense said it had seen more than 200 unique web links that were trying to catch people out using the loophole.

On its security blog, Microsoft said it was working with law enforcement to shut down websites created to exploit the bug.

If you wish to check it out and install, you do so at your own risk. I am not an IE user nor recommending or condemning the above in any way ;)
 