Microsoft warning over browser security flaw - GoFuckYourself.com

DVTimes · 01-31-2011, 08:49 AM

http://www.bbc.co.uk/news/technology-12325139

Microsoft has issued a "critical" warning over a newly-discovered flaw in Windows.

In a security advisory, the company warned of a loophole that could be used by malicious hackers to steal private information or hijack computers.

The bug potentially affects every user of the Internet Explorer web browser - around 900 million people worldwide.

Microsoft has issued a software patch to defend against attacks, and said it was working to develop a long-term fix.

The security advisory, which was published on Friday, details how the vulnerability can be used to manipulate users and take over their machines.

Although the flaw is actually inside Windows itself, it only appears to affect the way that Internet Explorer handles some web pages and documents.

Microsoft admitted that the problem meant users could easily be fooled into downloading malicious files by doing something as simple as clicking on a web link.

"When the user clicked that link, the malicious script would run on the user's computer for the rest of the current Internet Explorer session," wrote Microsoft representative Angela Gunn in a website announcement accompanying the advisory.

Once the computer had been hijacked, hackers could use it to steal personal data or send users to fake websites, she added.

"Such a script might collect user information, e.g e-mail, spoof content displayed in the browser or otherwise interfere with the user's experience."

Although Microsoft said it had seen no evidence that the glitch had already been exploited by hackers, it warned that research had shown it was a serious threat.

And while it has not been able to remove the bug itself, it issued a "fix it" security patch to block any attempts to use it.

All Windows users - particularly those who use Internet Explorer - are being urged to download the fix while the company's security team develop a way to plug the hole permanently.

u-Bob · 01-31-2011, 08:52 AM

Reminds me of the old days:

[email protected] wrote "Visiting malicious web sites is not real exploit scenario"

SmokeyTheBear · 01-31-2011, 09:00 AM

i have seen it being used in the wild for the last 2 weeks

01-31-2011, 08:49 AM	#1
DVTimes xxx Industry Role: Join Date: Jun 2003 Location: UK Posts: 31,544	Microsoft warning over browser security flaw http://www.bbc.co.uk/news/technology-12325139 Microsoft has issued a "critical" warning over a newly-discovered flaw in Windows. In a security advisory, the company warned of a loophole that could be used by malicious hackers to steal private information or hijack computers. The bug potentially affects every user of the Internet Explorer web browser - around 900 million people worldwide. Microsoft has issued a software patch to defend against attacks, and said it was working to develop a long-term fix. The security advisory, which was published on Friday, details how the vulnerability can be used to manipulate users and take over their machines. Although the flaw is actually inside Windows itself, it only appears to affect the way that Internet Explorer handles some web pages and documents. Microsoft admitted that the problem meant users could easily be fooled into downloading malicious files by doing something as simple as clicking on a web link. "When the user clicked that link, the malicious script would run on the user's computer for the rest of the current Internet Explorer session," wrote Microsoft representative Angela Gunn in a website announcement accompanying the advisory. Once the computer had been hijacked, hackers could use it to steal personal data or send users to fake websites, she added. "Such a script might collect user information, e.g e-mail, spoof content displayed in the browser or otherwise interfere with the user's experience." Although Microsoft said it had seen no evidence that the glitch had already been exploited by hackers, it warned that research had shown it was a serious threat. And while it has not been able to remove the bug itself, it issued a "fix it" security patch to block any attempts to use it. All Windows users - particularly those who use Internet Explorer - are being urged to download the fix while the company's security team develop a way to plug the hole permanently. __________________ The Affiliate Program

01-31-2011, 09:00 AM	#3
SmokeyTheBear ►SouthOfHeaven Join Date: Jun 2004 Location: PlanetEarth MyBoardRank: GerbilMaster My-Penis-Size: extralarge MyWeapon: Computer Posts: 28,609	i have seen it being used in the wild for the last 2 weeks __________________ hatisblack at yahoo.com

01-31-2011, 08:52 AM	#2
u-Bob there's no $$$ in porn Industry Role: Join Date: Jul 2005 Location: icq: 195./568.-230 (btw: not getting offline msgs) Posts: 33,063	Reminds me of the old days: [email protected] wrote "Visiting malicious web sites is not real exploit scenario"