Security Lapse in ALL IE Versions
An unpatched security hole in Internet Explorer that is being exploited affects all versions of the browser, making it more serious than was believed when it was first publicized two days ago, Microsoft says. The flaw is present in every version of IE in use today, from IE5 all the way through to IE8 Beta 2. People visiting trusted sites could be affected as well, through sites targeted by SQL injection attacks in which malicious code is injected into their pages. The company recommends setting the Internet zone security setting to “High” and using access control lists to disable Oledb32.dll to provide the most effective protection against an attack.
The SANS Internet Storm Center reports that hackers are breaking into legitimate Web sites and uploading code that could install data-stealing software on the machine of a user who visits the site using Internet Explorer. SANS’s chief technology officer Johannes Ullrich estimates that thousands of sites have been seeded with this exploit to date.
Microsoft’s updated advisory lists a number of mitigating factors: Protected Mode in IE 7 and IE 8 on Windows Vista limits the impact of the vulnerability; IE on Windows Server 2003 and 2008 runs in a restricted mode known as Enhanced Security Configuration, which sets the security level for the Internet zone to High; an attacker could gain only the same user rights as the local user; and known attacks cannot exploit the issue automatically through e-mail.
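A read-only way to check whether the two recommended workarounds (Internet zone set to High, Oledb32.dll blocked by ACL) are in place on a machine, as an added PowerShell example that is not from the original post or from Microsoft's advisory. The registry location, the `0x12000` value for the High template, and the Oledb32.dll paths under the Common Files directory are assumptions based on standard Windows layouts, not details given in the post.

```powershell
# Added audit example: read-only, changes nothing on the machine.
# Assumptions (not stated in the post): registry location, 0x12000 = "High", DLL paths.
$zoneKey   = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'  # zone 3 = Internet
$highLevel = 0x12000
$dllPaths  = @($env:CommonProgramFiles, ${env:CommonProgramFiles(x86)}) |
    Where-Object { $_ } | Select-Object -Unique |
    ForEach-Object { Join-Path $_ 'System\Ole DB\oledb32.dll' }

function New-Result($Check, $Target, $Observed, $Mitigated) {
    [pscustomobject]@{ Check = $Check; Target = $Target; Observed = $Observed; Mitigated = $Mitigated }
}

function Test-InternetZoneHigh {
    # CurrentLevel holds the security template selected for the zone.
    $prop = Get-ItemProperty -Path $zoneKey -Name CurrentLevel -ErrorAction SilentlyContinue
    if (-not $prop) { return New-Result 'Internet zone level' $zoneKey 'not set' $false }
    $level = [int]$prop.CurrentLevel
    New-Result 'Internet zone level' $zoneKey ('0x{0:X}' -f $level) ($level -eq $highLevel)
}

function Test-OledbAccessDenied {
    param([string]$Path)
    if (-not (Test-Path -LiteralPath $Path)) {
        return New-Result 'Oledb32.dll ACL' $Path 'file not found' $false
    }
    try {
        $acl = Get-Acl -LiteralPath $Path -ErrorAction Stop
    } catch {
        # A deny ACE can also stop this account from reading the ACL; report it, do not guess.
        return New-Result 'Oledb32.dll ACL' $Path 'ACL unreadable (verify as administrator)' $false
    }
    $everyone = New-Object System.Security.Principal.SecurityIdentifier 'S-1-1-0'
    $rx = [System.Security.AccessControl.FileSystemRights]::ReadAndExecute
    # Look for a Deny entry for Everyone that covers read and execute on the DLL.
    $deny = @($acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier]) |
        Where-Object {
            $_.AccessControlType -eq 'Deny' -and $_.IdentityReference -eq $everyone -and
            (($_.FileSystemRights -band $rx) -eq $rx)
        })
    if ($deny.Count -gt 0) { New-Result 'Oledb32.dll ACL' $Path 'Everyone denied read/execute' $true }
    else                   { New-Result 'Oledb32.dll ACL' $Path 'no deny entry for Everyone' $false }
}

$results = @(Test-InternetZoneHigh) + @($dllPaths | ForEach-Object { Test-OledbAccessDenied -Path $_ })
$results | Format-Table -AutoSize
```

A Group Policy setting can override the per-user zone value, so a pass on the first check covers only the current user's own setting.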
I would personally advise users to stop using Internet Explorer for a while until a patch is made available. Don't rely on anti-virus, because according to VirusTotal.com only 4 out of 32 anti-viruses were able to detect it as malicious or suspicious.