Friday, March 12, 2010

Internet Explorer users - upgrade to IE 8 or Firefox

Really, really:

A security researcher has credited McAfee for helping him to develop exploit code that cracks open an unpatched flaw in older versions of Internet Explorer.

Moshe Ben Abu (AKA Trancer00t) developed exploit code for the flaw in IE 6 and 7 in knocking-up an exploit module for the open-source Metasploit exploit database.

"I didn't find the vuln', just found it in the wild. With a little help from McAfee (http://j.mp/c4W3xA) :-)," the Israeli security researcher noted in a Twitter update on Thursday.

Microsoft acknowledged that the flaw, which stems from an invalid pointer reference, affects IE 6 and 7 and creates a possible mechanism for hackers to drop malware onto vulnerable systems. IE8, the latest version of Microsoft's web surfing software, isn't vulnerable.

Metasploit is a free, Open Source security testing tool. It's the cat's meow, and so the World+Dog now have the exploit. If you're still on IE6 or IE7, get off it right now. Microsoft says so, too:

Our investigation so far has shown that Internet Explorer 8 and Internet Explorer 5.01 Service Pack 4 on Microsoft Windows 2000 Service Pack 4 are not affected, and that Internet Explorer 6 Service Pack 1 on Microsoft Windows 2000 Service Pack 4, and Internet Explorer 6 and Internet Explorer 7 are vulnerable.

This is in the wild, folks, meaning that it's coming to a computer near you. Your computer.

Get Firefox here.

Get Internet Explorer 8 (not bad, actually) here.

3 comments:

Mike Golch said...

MCAFEE, HUH? MAYBE THAT IS WHY IN THE HELL MY COMPUTER KEEPS GETTING INFECTED. THEY WERE THE CAUSE OF IT.

kahr40 said...

What about other browsers like Chrome or Opera?

Anonymous said...

Anything is better than IE before 8; my preferred order right now is:

Firefox
Opera
IE8
Chrome/Mac browsers/the others I haven't used

IE6/7 are a tempting target because they're so common, and so well understood. It doesn't help that many businesses are slow to update and continue to do sensitive things with IE6/7. IE8 appears to be better by design, and alternative browsers have the advantage of security through obscurity. (For now)

Jim