Another Week Goes by and Internet Explorer Users Still Ripe for Hijacking

Dr. Roy Schestowitz

2009-11-29 15:44:14 UTC
Modified: 2009-11-29 15:44:14 UTC

Summary: Microsoft leaves Internet Explorer users high and dry for weeks, having not addressed a zero-day flaw that compromises the entire operating system

LAST week we wrote about the Internet Explorer zero-day flaw -- a flaw which Microsoft has not resolved yet. IDG writes:

Hackers working on the open-source Metasploit project have spiffed up a zero-day attack on Microsoft's Internet Explorer, making it more reliable -- and more likely to be used by criminals.

Security experts have been worried about the flaw since it was first disclosed on the Bugtraq mailing list Friday. But the original demonstration code was unreliable and has not been used in real-world attacks.

But then came this IDG report, an advisory (not the same as patch), and SJVN wrote:

Earlier this week Microsoft announced yet another IE (Internet Explorer) bug. This one, Microsoft Security Advisory 977981, is one of the really bad ones that can allow attackers to take your Windows PC over. Yuck!

[...]

I think your best move to keep the world from sneaking in some malware over your browser is to get the latest versions of Firefox 3.5.5 or Google's Chrome 3.0.x Web browser. Neither is perfect, but they are better than IE. I wish I could recommend Opera, but I continue to have real concerns about Opera's built-in Web server security.

Indeed, this is an opportunity to recommend that people secure themselves by moving to another Web browser. Microsoft Thurrott does Microsoft's "damage control", having previously incited people against rival Web browsers like Opera. Other coverage includes:

● Exploit code targets Internet Explorer zero-day display flaw

● New Security Flaw Hits Internet Explorer 6 & 7

● New attack targets weakness in Internet Explorer

● Microsoft Issues Internet Explorer Security Advisory

This is pretty serious.

Microsoft on Monday said it is investigating a possible vulnerability in Internet Explorer after exploit code that allegedly can be used to take control of computers, if they visit a Web site hosting the code, was posted to a security mailing list.

No report about a patch has been published yet. So, a good solution would be abandonment of Internet Explorer. ⬆

Smelling an opportunity

"Use Wayland" Isn't a Bugfix for X (X11 is Still Necessary): They tell us X is "dead" and we must all be herded into Wayland ASAP
The New Head of OSI is an "Hey Hi" (AI) Obsessed Person: when Bryant says "AI" that doesn't mean AI
"Governments, local authorities, schools and hospitals can lead by example by procuring only Free Software": Crossposted from Tux Machines
Cindy Cohn Leaving the Electronic Frontier Foundation While Its Co-founder John Gilmore, Whom She Apparently Helped Oust, Will Celebrate 40 Years of the Free Software Foundation, Inc.: EFF has been busy hoarding GAFAM money, whereas the latter is where all the real activism is done
"Google is Googlebombing KDE's Project Banana": So is Google googlebombing KDE's Project Banana? You decide.
Some Very Large IRC Networks Are Growing: IRC will turn 38 next year
Links 17/09/2025: Google Layoffs in "Hey Hi" (AI), Perplexity Hit With More "Hey Hi" (Plagiarism) Lawsuits: Links for the day
Gemini Links 17/09/2025: Reclaiming Things in a Digital Age and Moon Phases in CGI: Links for the day
Slopwatch: Google News is Slop, Google News is Plagiarism, Google News is Dying: Google is off the rails
Links 16/09/2025: "The Censorship Alarm Is Ringing in the Wrong Direction" and ASRock Does Microsoft E.E.E. on GNU/Linux: Links for the day
Serious "Breach of Confidentiality of Personal Data" in Europe's Second-Largest Institution, the EPO: Yes, the same EPO that routinely uses "data protection" and "GDPR" as a pretext for hiding or covering up its corruption and white-collar crimes (it even uses that as an excuse for refusing to obey courts' orders)
Adrienne Rockenhaus Says Her Husband Was Arrested for Running Tor and Denied Basic Rights in the United States: the US seems to be getting "russified" in its approach towards Tor
This is What Happens When Microsoft Canonical Lets Decisions on Ubuntu be Made by a Youngster From the British Army (Where He Did Mass Surveillance): "Is Ubuntu Compromised?"
Back Doored Windows Giving GNU/Linux a Hard Time (Under the Guise of 'Security'): Is this complication intentional? Most likely, yes
Links 16/09/2025: Science, Security, and Conflicts: Links for the day
Gemini Links 16/09/2025: Command-line Options in POSIX Shell and Introducing Acre 0.9: Links for the day
Microsoft 'Secure' Boot Versus Dual Boot With GNU/Linux: they're meant to assume everything is OK
Links 16/09/2025: While Oracle Pretends to be Rich It's Firing About 70 MySQL Workers, "Oracle's Revenge" (Faking Demand With "AI"): Links for the day
Microsoft Has Just Published a New Web Page About "Secure Boot Update Process" (Microsoft Also Admits Issues; PCs Can Stop Booting): Why was this page issued and published only hours ago?
Microsoft Lunduke: I Spread Hate and Then I Receive Hate: Cry us a river, Microsoft Lunduke
"Disable Secure Boot and Fast Boot. Wipe and Start Over.": At least they didn't say, buy a new computer...
The Oracle Ponzi Scheme: Oracle isn't doing well, but it's nowadays fashionable to say "clown" and "hey hi" to prop up one's stock, even based on nothing at all
Taking Out the Battery, Opening Up Your Computer, Just Like a "Normie" Would: At this stage, any person who still says "enable Secure Boot" is misguided or persuaded by companies that sell rootkits
Slopwatch: Serial Sloppers and Slopfarms Still Infesting Google News (Fake 'Articles' About "Linux" Spreading FUD): searching for "Linux" today yields a lot of FUD
The Reach of Techrights Has Broadened: We nowadays cover a broader range of issues
Complicating Things for No Actual Benefit, Just Added Risk and More Difficulties Adding GNU/Linux and BSDs: Watch what it's like for people who wish to use BSDs
Over at Tux Machines...: GNU/Linux news for the past day
IRC Proceedings: Monday, September 15, 2025: IRC logs for Monday, September 15, 2025
Links 16/09/2025: Autumn Party, RPG Planet, and Optical ROOPHLOCH: Links for the day
Geminispace Growing at Pace of Over 10% Per Year: Contrary to what some pessimists try to claim
Linux Mint Forums Today: Disable 'Secure Boot', It Doesn't Improve Security, It's Just a Microsoft Obstacle to GNU/Linux Users: They also mention MOK
What Ruben Amorim and Stefano Maffulli Have in Common: Censors Wikipedia and Social Control Media
Microsoft Won't Cooperate in Trying to Tackle EPO Corruption (Microsoft Profits From This Corruption): Use something like BigBlueButton, Jami, Ring, and Jitsi instead
Solved Less Than an Hour Ago: Trying to Escape Windows, 'Secure Boot' Gets in the Way: 'Secure Boot' wasn't meant to even exist in the first place
Stefano Maffulli, Executive Director of the Open Source Initiative, Resigns or Gets Removed (We'll Continue Covering OSI Scandals): A dozen mentions of "AI", not much about "Open Source"
Andy Has Just Nailed It (Regarding Complexity and Failure, a la UEFI): The users no longer own or control what they buy
Compatibility Support Module (CSM) Versus GNU/Linux Simplicity: what Andy recently called "solutionism"
Links 15/09/2025: "Postal Traffic to US Down by Over 80%" and 'Smart' Spinozacampus Laundry Room Goes AWOL: Links for the day
Gemini Links 15/09/2025: Dungeon Hustle and Deleting Oneself From the Net: Links for the day
Breach of EPO's Duty of Care or Cigna Reimbursement Issues: This is the sort of thing that motivated Luigi Mangione to assassinate a CEO
Ask Ubuntu About "Secure Boot" Violation and Laptops That Don't Boot GNU/Linux: Does anyone still believe that "Secure Boot" has anything at all to do with security?
We Are Sad to Hear the Story of Jonathan Riddell, Champion of KDE and GNU/Linux on Desktops/Laptops: I have enormous respect for Jonathan and everything he has done
Talking About the Problem vs Talking to the Problem: Wanting an audience is never a good excuse for compromising one's values and principles
Focusing on Patents: The reason we cover the EPO so much is that it's close to home
"Secure Boot Violation": The 'Joys' of Fake Security Gone Wrong: Not everyone reboots every day
Links 15/09/2025: Russia Invades Romanian Airspace, Penske Media Sues Google Over LLM Slop: Links for the day
Links 15/09/2025: Bitcoin ATMs Scam and "Conservative Cryptography" (Backdoors Fantasies): Links for the day
EPO Imitates Microsoft: "Three Days or More Per Week" Inside the Office to Get a Desk to Work on; "the Office Breaches Its Promise Towards Staff and Acts in Breach of Its Duty of Care": The EPO serves no actual function in Europe
Links 15/09/2025: Political Affairs, Censorship, and Copyrights: Links for the day
Gemini Links 15/09/2025: Music Genres, Invisible Networks, and Akademy 2025: Links for the day
Over at Tux Machines...: GNU/Linux news for the past day
IRC Proceedings: Sunday, September 14, 2025: IRC logs for Sunday, September 14, 2025

Another Week Goes by and Internet Explorer Users Still Ripe for Hijacking

Recent Techrights' Posts