-
- Want an iPad alternative? Wait for Android 3.0
- Neowin Hands-on: Windows Phone 7 review
- iPhone 4 hardware revision coming at the end o...
- Digg users fight back, sabotage main page
- Paul Allen sues Apple, Facebook, Google and ei...
- Google's browser gets opt-in features via...
- Microsoft introduces new transforming Xbox 360...
- AMD kills off the ATI brand name
Microsoft warns of new zero-day exploit for Internet Explorer
Microsoft has posted a new warning about an exploit that affects its Internet Explorer browser. The zero-day vulnerability, which is already being exploited in the wild, allows for malicious users to install malware on a vulnerable machine.
According to CRN.com, the vulnerable “systems include Internet Explorer 6 Service Pack 1 on Microsoft Windows 2000 Service Pack 4, and Internet Explorer 6 and Internet Explorer 7. However, Microsoft said that so far, Internet Explorer 8 and Internet Explorer 5.01 Service Pack 4 on Microsoft Windows 2000 Service Pack 4 are not affected.”
The exploit occurs when there is an invalid pointer reference. This reference could allow for malicious users to install and launch malware when the object reference is deleted. Microsoft said that the current attacks appear to be targeted but they are currently working towards a fix.
For any user that is still using a legacy version of Internet Explorer, this is one more compelling reason to upgrade your version to IE 8. By upgrading to IE 8, you are removing one more potential exploit that could allow malware to be installed on your machine.
Comments (36)
cabron - 10 March 2010 - 14:37
More reasons to ditch IE forever. Chrome works much better.
GreyWolf - 10 March 2010 - 14:44
It's a flaw in old versions of IE. Firefox, Opera, Safari, and Chrome have had vulnerabilities too. What should we use?
C_Guy - 10 March 2010 - 15:44
If Cab is going to ditch his browser at the first sign of a problem (that has NO EFFECT on the current version - not sure if he caught that in the article before commenting) he would have ditched Chrome a LONG time ago and have no browsers left to choose from at all.
etempest - 10 March 2010 - 17:32
I love Chrome, however, if it gets to the big leagues, it will be targeted by hackers just as much as IE.
Oscar Salinas - 10 March 2010 - 20:56
I used to browse with Maxthon, but sudenly i started to use firefox, cuz of the constant shutdowns of maxthon caused by IE core, Firefox it's pretty mature and stable
Raa - 10 March 2010 - 21:53
Or upgrade to IE8? It's not that hard. :)
Agreed Chrome is a nice alternative too.
este - 10 March 2010 - 14:43
What's even better that support for IE6 has now ended. So now people will actually have to move on.
still1 - 10 March 2010 - 15:16
The 20% of people who still use IE6 are non techi people and have no clue about the vulnerability that exist in IE6. So even if the support ends its hard to move them of IE6. If i see any IE6 in my company and if i have access to that PC I download and install IE8
ilev - 10 March 2010 - 15:21
The 20% of people who still use IE6 are non techi people and have no clue about the vulnerability that exist in IE6. So even if the support ends its hard to move them of IE6. If i see any IE6 in my company and if i have access to that PC I download and install IE8
which justifies the demand to put the browser ballot screen to all billion windows users.
C_Guy - 10 March 2010 - 15:47
So we can give people the choice they *already have* to install other browsers that are just as susceptible to flaws?
Hackersoft MS MVP - 10 March 2010 - 16:26
which justifies the demand to put the browser ballot screen to all billion windows users.
Seriously? If the browser ballot screen had appeared in Win XP then people who chose IE6 would still have this exploit.
Nice how you think through your comment before posting :)
pickypg - 10 March 2010 - 16:47
The 20% of people who still use IE6 are non techi people and have no clue about the vulnerability that exist in IE6. So even if the support ends its hard to move them of IE6. If i see any IE6 in my company and if i have access to that PC I download and install IE8
Most IE6 users are business users that are not allowed to update to IE7/8 simply because the Windows Update is blocked via Group Policy. With the browser becoming unsupported, I imagine that this block is loosening up. In most other big companies, the Group Policy should be configured to force updates upon users (to install when they're ready, but install nonetheless).
ilev - 10 March 2010 - 16:48
Seriously? If the browser ballot screen had appeared in Win XP then people who chose IE6 would still have this exploit.
Nice how you think through your comment before posting :)
IE6 is still the most used browser and is still bundled with XP SP3. Every Windows user in the world should get the ballot screen so he can switch to FF, Chrome , opera or IE8 and away from IE6/IE7 if he uses one.
este - 10 March 2010 - 16:49
The 20% of people who still use IE6 are non techi people and have no clue about the vulnerability that exist in IE6. So even if the support ends its hard to move them of IE6. If i see any IE6 in my company and if i have access to that PC I download and install IE8
What about the businesses that still are forced to use IE6 because of the software/programs they work with? I understand it costs money to make the necessary upgrades happen but shouldn't alot of the IT staffs be looking into something like this? And now that Win 7 is gaining popularity, it's only a matter of time before a lot of these stone age programs are cut off from support and they should know that. Vulnerabilities will always pop up but that is why upgrades/updates are issued...
ilev - 10 March 2010 - 16:53
What about the businesses that still are forced to use IE6 because of the software/programs they work with? I understand it costs money to make the necessary upgrades happen but shouldn't alot of the IT staffs be looking into something like this? And now that Win 7 is gaining popularity, it's only a matter of time before a lot of these stone age programs are cut off from support and they should know that. Vulnerabilities will always pop up but that is why upgrades/updates are issued...
Businesses can configure IE8 to run in compatibly mode until they replace the Dependant applications, or, for security, run those applications and IE6 in VM.
Edit (ilev, 10 March 2010 - 16:54):war - 11 March 2010 - 03:22
Businesses can configure IE8 to run in compatibly mode until they replace the Dependant applications, or, for security, run those applications and IE6 in VM.
babyHacker - 10 March 2010 - 14:43
A lot of the IE6 users, in fact I;d even go so far as to say a majority of them are corporate entities that are still using XP SP3. In SP4, if there ever is one needs to include IE8.
DarkNovaGamer - 10 March 2010 - 16:39
I seriously doubt there will be a Service Pack 4 for Windows XP.
dotf - 10 March 2010 - 14:45
XP SP2 here with IE7. Looks like my corporation needs to get on updating. Oh wait, our security filter prevents us from going to malicious websites :S
C_Guy - 10 March 2010 - 15:48
Great then you'll have no problems.