Início :: Artigos :: Security
Microsoft admits critical security flaw - Security Experts worldwide: Stop using Internet Explorer
Publicado em 12/17/08 às 20:32:43 por On
Security
04/02/2012: Thanks God Web-APP CMS is NOT made in PHP
21/01/2009: Gary McKinnon, the "Alien Perl hacker" extradition case on hold.
10/01/2009: Content management systems and social networks privacy issues.
23/10/2008: Google introduces security warning alerts for open source CMS built sites.
20/10/2008: CMS Open Source security versus obscurity
SecurityMicrosoft admits critical security flaw - Security Experts worldwide: Stop using Internet Explorer

Microsoft is finally admitting that all its Internet Explorer versions released up to date, including its IE8 Beta version are vulnerable to a severe, remote security issue. While there is not much mentioned about the issue itself (which is not patched yet!) , one can read in Microsoft site about the issue
in a lengthy   security advisory memo in which Microsoft urges its users to change their “Internet zone security setting” to “high” and to run the browser in “Protected Mode.”



According to information obtained by the WebAPP security team, this issue is known since IE version 5 was released and was discovered after  years of intensive security research work by security experts in China.  The exploit allows a remote user to obtain admin privileges on any remote PC using Windows- 2000, XP and Vista by infiltrating via Internet Explorer  browser version from 5 to 8 by either exploiting a link clicked by a visitor on a malicious site or pushing a remote link by exploiting a local CMS system XSS vulnerabilities which are often common for PHP based platforms such as Wordpress and Drupal. While Google has been  offering some help in further researching on those CMS related vulnerabilities, there is still no solutions for remote XSS-browser specific  attacks.  Other attempts to filter or detect such attacks by major Antivirus or firewalls software's distributors have also shown so far to be fruitless.

It has been reported that over 10,000 sites [mostly] in China assist in facilitating these attacks while most of the machines that have been compromised so far were of gamers,  but financial and public machines were highly targeted to.

Computerworld suggests a tech-heavy breakdown of the exploit and the best way savvy surfers can disable its ability to affect their machines. But easier solution may just be to drop IE.  Internet security firm Trend Micro’s Rick Ferguson told the BBC that “if users can find an alternative browser, then that’s good mitigation against the threat.” Microsoft has come out against users switching to another browser, citing security flaws.  “It would not be advisable to send people from one vulnerability (in Internet Explorer) to multiple vulnerabilities,” Windows head at Microsoft UK John Curran told the BBC.

The WebAPP security team would strongly suggest  switching to Firefox, while using Internet Explorer in a virtually isolated working environment, turning on popup blockers (default with Google toolbar) as well as avoiding clicking unknown links in PHP based CMS portals.

1 comentário, (6732 leituras) Outros artigos de, On
 
Versão para impressão amigável - Microsoft admits critical security flaw - Security Experts worldwide: Stop using Internet Explorer   
Inscreva-se
Comentários: Comentários:

1. Dart In and Out Escrita em 01/12/09 às 09:18:46 por Searles





Os comentários são de responsabilidade exclusiva de seus autores.
Só sócios registrados podem fazer um comentário aos artigos.
Login / Registra
V
Nome de usuário:

Senha:

Salvar dados?


Esqueceu sua senha?
Registra?

Menu principal
 * Início
 * Últimas mensagens do Fórum
 * Artigos
 * Fóruns
 * Links
 * Downloads
 * Os 10 +
 * Palm
 * User Help Docs
 * Download WebAPP
Quem está online
V
25 Membros/visitante(s)
De: 4 countries
Quem está online.
Log in to see who's on.

Acessos simult./máx:900
Membros registrados: 8331

Novos usuários:
  psk_suresh
  youri
  totalshop
  davefish77
  SkalVad
  Sebusio
  elchi
  OPGRC
  bush333
  pyoot