In an event that can define the browser war in near future happened yesterday, when Microsoft issued a security advisory warning users of a critical and unpatched vulnerability in internet explorer, and acknowledged that it has been used to hack several companies’ networks, including Google!!!
Another statement came today from antivirus company McAfee that the hackers have exploited the IE bug attacking computer networks of nearly 3 dozen companies between mid December 2009 and January, 4 2010. What is astonishing about the news is that the only browser which is not containing the flaw was IE 5.01 running on Windows 2000. All the versions that followed including IE6, 7 and 8 are vulnerable to the attack.
In the statements issued by Google and Adobe, which was another company which suffered the attack, said that their networks were targeted, where in Google claimed the theft of intellectual property while Adobe revealed nothing in this context.
Following are the statements from Microsoft on this vulnerability and the danger it posts:
The vulnerability exists as an invalid pointer reference within Internet Explorer. It is possible under certain conditions for the invalid pointer to be accessed after an object is deleted. In a specially-crafted attack, in attempting to access a freed object, Internet Explorer can be caused to allow remote code execution.
The flaw affects Internet Explorer 6 Service Pack 1 on Microsoft Windows 2000 Service Pack 4, and Internet Explorer 6, Internet Explorer 7 and Internet Explorer 8 on supported editions of Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2 are affected.
Dangers:
To exploit, an attacker could host a specially crafted Web site, or take advantage of a compromised website, and then convince a user to view the Web site. In all cases, however, an attacker would have no way to force users to visit these malicious Web sites. Instead, an attacker would have to convince users to visit the Web site, typically by getting them to click a link in an e-mail message or in an Instant Messenger message that directs users to the attacker’s Web site. It could also be possible to display specially crafted Web content using banner advertisements or other methods to deliver Web content to affected systems. The Microsoft investigation concluded that setting the Internet zone security setting to “high” will protect users from the vulnerability addressed in this advisory.
An emergency patch to fix this vulnerability is being considered by Microsoft at the moment. But this means, we will still have to wait a full proof browser from Microsoft.
Sphere: Related ContentRelated posts:
- Most spectacular anti-trust case in computer industry Ends. We all know what Microsoft did to Netscape Navigator, a...
- Chrome finally beats Safari In a recent development, Google Chrome Browser has gone past...
- Google ChromePLUS… Something extra… We all know that Google Chrome is based on Chromium,...
Related posts brought to you by Yet Another Related Posts Plugin.
#1 by Rishi on January 16, 2010 - 14:00
Quote
hey,
i read this post .. nicely written .try to simplify a bit for the layman and see the difference.
#2 by Prem Sharma on January 17, 2010 - 01:10
Quote
Thanks for visiting the site and the suggestions. We will try to improve it more.
If you have some more suggestions, please feel free to chare with DJ team.
Keep reading…