bmac32 Loc: West Florida

You might want to fix it.

SAN FRANCISCO — While a patch has not yet been issued, Microsoft has posted instructions on how users can protect the two most recent versions of Internet Explorer against a security flaw announced over the weekend.

The security flaw allows attackers to slip malicious code into an innocuous website, using a c*********d file.

When a victim visits the tainted website using any of the Internet Explorer web browsers versions 6 through 11, attackers could gain full user rights over the victim's computer — and potentially all information on it.

The security flaw led the U.S. Department of Homeland Security's Computer Emergency Readiness Team on Monday to advise Americans to switch to a different browser until it's corrected.

US-CERT has since reviewed its recommendation and now suggests users and administrators make use of the Microsoft security workarounds.

Microsoft's updated information about the vulnerability includes information on a Enhanced Protected Mode workaround that will protect people using Internet Explorer 10 and 11, the two most recent versions of the web browser.

However the fix is somewhat technically complex and it's unclear how many users will actually implement it, given how few do even routine maintenance on their computer's security systems.

"Implementing Microsoft's recommendations will be tough," said Chris Camejo, director of assessment services at NTT Com Security, in Bloomfield, Conn.

"They require changing settings on individual affected systems," he said. "Many of Microsoft's workarounds would also disable functions like ActiveX controls that could affect the usability of some web pages," he said.

Camejo's sense is that, "given the complexity and impact of Microsoft's workarounds, I suspect many organizations are just going to wait until the patch gets released and hope they don't get breached in the meantime."

The IE vulnerability is a big deal, said Will Dormann, vulnerability analyst in the CERT Division of the Carnegie Mellon University Software Engineering Institute in Pittsburgh, Pa.

"First, the vulnerability affects all supported versions of Internet Explorer, which is present on nearly every Microsoft Windows system," he said.

In addition, the fact that the world has now been alerted to the security flaw means hackers are more likely to "switch from targeted attacks to more widespread attacks. Once news of a vulnerability is made public, attackers don't have much reason to try to keep it secret anymore," he said.

Carnegie Mellon's CERT team has posted further instructions on how users can protect their computers against the flaw.

Users still running the Windows XP operating system are especially at risk, experts note. Even Homeland Security weighed in. "Those who cannot follow Microsoft's recommendations, such as Windows XP users, may consider employing an alternate browser," it said in a posting.

Windows XP was first launched in 2001. Microsoft stopped supporting it on April 8. Because of that, computers running the system no longer have access to security upgrades.

The security flaw "is a problem for IE users, but even more so since XP users won't get updates," said Dodi Glenn of ThreatTrack Security, a computer security company in Clearwater, Fla.

"From a security standpoint, I have to wonder, how long will users be willing to keep a vulnerable operating system on their network before deciding to upgrade?"

grace scott

After reading this I see why my grandson insisted I use google. I hope he knows what he's talking about.

AuntiE Loc: 45th Least Free State

Not at you, but they ARE WAY TO LATE on this announcement. One of my friends lost three laptops and two cell phones over this. It was over two months ago.

bmac32 Loc: West Florida

With IE's track record those loses are on the user. MS has such a bad track record and the bulk of their problems have been IE. Me, have never used IE, k**l it first time I load Windows on or if it comes already loaded I turn it off by going to the Control Panel, click Turn Windows Features On or Off (left side) and uncheck the box for IE and load a browser.
http://blogs.msdn.com/b/e7/archive/2009/03/06/beta-to-rc-changes-turning-windows-features-on-or-off.aspx

AuntiE Loc: 45th Least Free State

As my friend works from home and her company uses IE, she must use it for work. I think her son, who was a computer science major, has managed to get one of the laptops up and running. I do not know the status on the cell phones.

RockKnutne Loc: Valhöll

Thanks bmac! I just noticed the MS has a security update for IE that I just installed. I hope that fixes it?

bmac32 Loc: West Florida

Better search engine is https://duckduckgo.com it you don't want to be targeted for adds.

AuntiE Loc: 45th Least Free State

Bmac, can I use this instead of Mozilla? I am still very angry about the most current happenings with them. I would have removed them immediately; however, did not want to use IE.

bmac32 Loc: West Florida

It's a company computer she's stuck but if it's her own IE doesn't do anything other browsers won't, other than hacked as often. When I started with computers there was no such thing as IE, there was WorldWideWeb and Mosaic only.

AuntiE Loc: 45th Least Free State

Company computer. :hunf:

bmac32 Loc: West Florida

Yea me too but I stand by a camp fire to get warm I don't jump in. Some times ya just do the wrong thing and IE would be the wrong thing.

Fairly complete list of browsers.
http://www.webdevelopersnotes.com/design/browsers_for_windows.php3

Best and fastest.
http://compu-smart.hubpages.com/hub/What-is-the-best-browser

And a little history.
http://www.internet101.org/browsers

bmac32 Loc: West Florida

It's a search engine not a browser but note it begins with https and not http, s is for secure like them you buy something on the web.