Another Week Goes by and Internet Explorer Users Still Ripe for Hijacking

Dr. Roy Schestowitz

2009-11-29 15:44:14 UTC
Modified: 2009-11-29 15:44:14 UTC

Summary: Microsoft leaves Internet Explorer users high and dry for weeks, having not addressed a zero-day flaw that compromises the entire operating system

LAST week we wrote about the Internet Explorer zero-day flaw -- a flaw which Microsoft has not resolved yet. IDG writes:

Hackers working on the open-source Metasploit project have spiffed up a zero-day attack on Microsoft's Internet Explorer, making it more reliable -- and more likely to be used by criminals.

Security experts have been worried about the flaw since it was first disclosed on the Bugtraq mailing list Friday. But the original demonstration code was unreliable and has not been used in real-world attacks.

But then came this IDG report, an advisory (not the same as patch), and SJVN wrote:

Earlier this week Microsoft announced yet another IE (Internet Explorer) bug. This one, Microsoft Security Advisory 977981, is one of the really bad ones that can allow attackers to take your Windows PC over. Yuck!

[...]

I think your best move to keep the world from sneaking in some malware over your browser is to get the latest versions of Firefox 3.5.5 or Google's Chrome 3.0.x Web browser. Neither is perfect, but they are better than IE. I wish I could recommend Opera, but I continue to have real concerns about Opera's built-in Web server security.

Indeed, this is an opportunity to recommend that people secure themselves by moving to another Web browser. Microsoft Thurrott does Microsoft's "damage control", having previously incited people against rival Web browsers like Opera. Other coverage includes:

● Exploit code targets Internet Explorer zero-day display flaw

● New Security Flaw Hits Internet Explorer 6 & 7

● New attack targets weakness in Internet Explorer

● Microsoft Issues Internet Explorer Security Advisory

This is pretty serious.

Microsoft on Monday said it is investigating a possible vulnerability in Internet Explorer after exploit code that allegedly can be used to take control of computers, if they visit a Web site hosting the code, was posted to a security mailing list.

No report about a patch has been published yet. So, a good solution would be abandonment of Internet Explorer. ⬆

Smelling an opportunity

Recent Techrights' Posts

A Week After a Worldwide Windows Outage Microsoft is 'Bricking' Windows All On Its Own, Cannot Blame Others Anymore: A look back at a week of lousy press coverage, Microsoft deceit, and lessons to be learned
Links 26/07/2024: Hamburgerization of Sushi and GNU/Linux Primer: Links for the day
Links 26/07/2024: Tesco Cutbacks and Fake Patent Courts: Links for the day
Links 26/07/2024: Grimy Residue of the 'AI' Bubble and Tensions Around Alaska: Links for the day
Gemini Links 26/07/2024: More Computers and Tilde Hosting: Links for the day
Links 26/07/2024: "AI" Hype Debunked and Elon Musk's "X" Already Spreads Political Disinformation: Links for the day
"Why you boss is insatiably horny for firing you and replacing you with software.": Ask McDonalds how this "AI" nonsense with IBM worked out for them
No Olympics: We really need to focus on real news
Nobody Holds the GNOME Foundation Accountable (Not Even IRS), It's Governed by Lawyers, Not Geeks, and Headed by a Shaman Crank: GNOME is a deeply oppressive institutions that eats its own
[Meme] The 'Modern' Web and 'Linux' Foundation Reinforcing Monopolies and Cementing centralisation: They don't care about the users and issuing a few bytes with random characters costs them next to nothing. It gives them control over billions of human beings.
'Boiling the Frog' or How Online Certificate Status Protocol (OCSP) is Being Abandoned at Short Notice by Let's Encrypt: This isn't a lack of foresight but planned obsolescence
When the LLM Bubble Implodes Completely Microsoft Will be 'Finished': Excuses like, "it's not ready yet" or "we'll fix it" won't pass muster
"An escalator can never break: it can only become stairs": The lesson of this story is, if you do evil things, bad things will come your way. So don't do evil things.
When Wikileaks Was Still Primarily a Wiki: less than 14 years ago the international media based its war journalism on what Wikileaks had published
The Free Software Foundation Speaks Out Against Microsoft: the problem is bigger than Microsoft and in the long run - seeing Microsoft's demise - we'll need to emphasise Software Freedom
IRC Proceedings: Thursday, July 25, 2024: IRC logs for Thursday, July 25, 2024
Over at Tux Machines...: GNU/Linux news for the past day
Links 26/07/2024: E-mail on OpenBSD and Emacs Fun: Links for the day
Links 25/07/2024: Talks of Increased Pension Age and Biden Explains Dropping Out: Links for the day
Links 25/07/2024: Paul Watson, Kernel Bug, and Taskwarrior: Links for the day
[Meme] Microsoft's "Dinobabies" Not Amused: a slur that comes from Microsoft's friends at IBM
Flashback: Microsoft Enslaves Black People (Modern Slavery) for Profit, or Even for Losses (Still Sinking in Debt Due to LLMs' Failure): "Paid Kenyan Workers Less Than $2 Per Hour"
From Lion to Lamb: Microsoft Fell From 100% to 13% in Somalia (Lowest Since 2017): If even one media outlet told you in 2010 that Microsoft would fall from 100% (of Web requests) to about 1 in 8 Web requests, you'd probably struggle to believe it
Microsoft Windows Became Rare in Antarctica: Antarctica's Web stats still near 0% for Windows
Links 25/07/2024: YouTube's Financial Problem (Even After Mass Layoffs), Journalists Bemoan Bogus YouTube Takedown Demands: Links for the day
Gemini Now 70 Capsules Short of 4,000 and Let's Encrypt Sinks Below 100 (Capsules) as Self-Signed Leaps to 91%: The "gopher with encryption" protocol is getting more widely used and more independent from GAFAM
Over at Tux Machines...: GNU/Linux news for the past day
IRC Proceedings: Wednesday, July 24, 2024: IRC logs for Wednesday, July 24, 2024
Techrights Statement on YouTube: YouTube is a dying platform
[Video] Julian Assange on the Right to Know: Publishing facts is spun as "espionage" by the US government and "treason" by the Russian government, to give two notable examples
Links 25/07/2024: Tesla's 45% Profit Drop, Humble Games Employees All Laid Off: Links for the day
Gemini Links 25/07/2024: Losing Grip and collapseOS: Links for the day