http://www.eweek.com/article2/0,1759,1617233,00.asp?kc=ewnws062504dtx1k0000599
from my dept's support:
Reports of widespread exploits of flaws in all versions of Internet
Explorer have been appearing today - flaws for which no patch is yet
available. Your machine can be compromised simply by visiting a
website with any version of IE - even if you do not click on any
links.

If you use Internet Explorer, YOU MUST TAKE ACTION PROMPTLY. Two
options are outlined at the bottom of this message. Do not delay - do
this now, or regret it later. We will have little sympathy for
anybody who drags their feet on this.

The exploits have been used to perform such malevolent actions as
installing keyloggers and backdoor services on workstations. So your
passwords can be stolen, and your machine could be hijacked and used
as a SPAM relay, or as a drone in a Denial of Service attack on some
other web site.

What makes this particular vulnerability particularly scary is that:

- Even fully-patched versions of IE are vulnerable.
- Antivirus programs do not (yet) catch this exploit.
- No action (other than visiting a web page on an exploited web server)
  is required by the user to fall prey to the exploit.
- Various highly-popular web sites are reported to have been exploited.

That all adds up to the fact that it is very difficult for any Internet
Explorer user to avoid exploitation just by being careful.

There are two workarounds:

1. Use an alternative web browser, such as Mozilla. The lab keeps
   current versions of Mozilla in \\rfilesrv1\dist-area\browsers, or
   you can download your own copy from
   http://www.mozilla.org/. Version 1.7 is currently the best
   choice. Firefox 0.9 is another good alternative.

2. Configure Internet Explorer to disable active content FOR ALL
   SECURITY ZONES. Because the exploits are reported to exploit flaws
   in the IE detection of security zone, it's not sufficient to
   disable active content for just some zones.

To do this, select Tools:Internet Options:Security to bring up a
property sheet with the security settings for the four zones. Then, for
each zone, click on 'Default Level' and move the slider that appears to
High.

Don't forget to take action on your home machine, your laptop, your
grandmother's computer...

If you are curious and want more details about this vulnerability,
here are some links to follow:
http://eletters.eweek.com/zd1/cts?d=79-831-2-3-51626-95758-1
http://isc.incidents.org/
http://isc.sans.org/diary.php
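
An added example, not part of the forwarded message: a read-only PowerShell check that each of the four zones from workaround 2 is set to High with active scripting disabled for the current user. The registry path, the `CurrentLevel` template values and action `1400` come from Microsoft's documented zone registry layout, not from the message; the function name `Get-IEZoneReport` is made up for this example.

```powershell
# Added example: audit the per-user IE security zones. Reads only, changes nothing.
# Assumed (from Microsoft's documented Internet Settings\Zones layout, not the message):
#   zones 1-4 are the four shown in the Security tab, CurrentLevel 0x12000 = High,
#   action 1400 = active scripting, value 3 = disabled.
$ZonesRoot  = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones'
$ZoneNames  = @{ 1 = 'Local intranet'; 2 = 'Trusted sites'; 3 = 'Internet'; 4 = 'Restricted sites' }
$LevelNames = @{ 0x10000 = 'Low'; 0x10500 = 'Medium-low'; 0x11000 = 'Medium'; 0x12000 = 'High' }
$High       = 0x12000
$Disabled   = 3

function Get-IEZoneReport {
    foreach ($id in 1..4) {
        $props = Get-ItemProperty -Path (Join-Path $ZonesRoot "$id") -ErrorAction SilentlyContinue

        # Either value can be missing (key absent or never written), so guard before casting.
        $level  = if ($null -ne $props -and $null -ne $props.CurrentLevel) { [int]$props.CurrentLevel } else { $null }
        $script = if ($null -ne $props -and $null -ne $props.'1400')       { [int]$props.'1400' }       else { $null }

        $levelText = if ($null -eq $level) { 'not set' }
                     elseif ($LevelNames.ContainsKey($level)) { $LevelNames[$level] }
                     else { 'Custom (0x{0:X})' -f $level }

        [pscustomobject]@{
            Zone            = $ZoneNames[$id]
            Level           = $levelText
            ActiveScripting = if ($null -eq $script) { 'not set' } elseif ($script -eq $Disabled) { 'disabled' } else { "value $script" }
            Compliant       = ($level -eq $High) -and ($script -eq $Disabled)
        }
    }
}

$report = @(Get-IEZoneReport)
$report | Format-Table -AutoSize

# The message says one weak zone is enough to stay exposed, so fail on any miss.
$bad = @($report | Where-Object { -not $_.Compliant })
if ($bad.Count -gt 0) {
    Write-Warning ("Zones not at High: " + (($bad | ForEach-Object { $_.Zone }) -join ', '))
    exit 1
}
Write-Output 'All four zones are at High with active scripting disabled.'
```

The script reads only the per-user settings; machine-wide policy can override them, so treat a clean result as a check on the steps above rather than on the effective configuration.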