One More Reason to Upgrade: IE8 Not Affected by New Critical Vulnerability
If you are still using Internet Explorer 6 (IE6), then you need to get with the times and upgrade to something newer; and if you’re going to leave the outdated IE6 behind and move on to newer IE versions, why not move to IE8, the latest and best IE version to come out of Redmond. Best as in feature rich, I don’t want to get into a semantics fight here.
Now you could also upgrade to Internet Explorer 7. After all, anything’s better than IE6. There is one reason why you should make the jump straight to IE8: it is more secure than IE7. Microsoft has recently announced that it is aware of a new critical vulnerability that affects Internet Explorer which if successfully exploited by a person with malicious intent, could lead to remote code execution. It sounds bad, I know. What’s even worse is that exploit code for the vulnerability in question has already been released online.
Microsoft has responded by releasing Security Advisory 977981. In it the Redmond-based software giant provides a few additional details:
“Our investigation so far has shown that Internet Explorer 5.01 Service Pack 4 and Internet Explorer 8 on all supported versions of Microsoft Windows are not affected, and that Internet Explorer 6 Service Pack 1 on Microsoft Windows 2000 Service Pack 4, and Internet Explorer 6 and Internet Explorer 7 on supported editions of Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008 are affected. The vulnerability exists as an invalid pointer reference of Internet Explorer. It is possible under certain conditions for a CSS/Style object to be accessed after the object is deleted. In a specially-crafted attack, Internet Explorer attempting to access a freed object can lead to running attacker-supplied code.”
According to Microsoft, no attacks attempting to exploit this vulnerability have been detected. To stay safe IE6 and IE7 users are advised to disable Active Scripting in the Internet and Local intranet security zones. Better yet, you can upgrade to IE8. As security researchers at Symantec have pointed out, it’s only a matter of time until a fully-functional exploit becomes available, so it pays to upgrade.
“The exploit currently exhibits signs of poor reliability, but we expect that a fully-functional reliable exploit will be available in the near future. When this happens, attackers will have the ability to insert the exploit into Web sites, infecting potential visitors. For an attacker to launch a successful attack, they must lure victims to their malicious Web page or a Web site they have compromised. In both cases, the attack requires JavaScript to exploit Internet Explorer,” commented Symantec's Security Intel Analysis Team.
If you would like to get Internet Explorer 8, you can grab it straight from FindMySoft here.
Tags: Microsoft, Internet Explorer, Vulnerability, Security
Now you could also upgrade to Internet Explorer 7. After all, anything’s better than IE6. There is one reason why you should make the jump straight to IE8: it is more secure than IE7. Microsoft has recently announced that it is aware of a new critical vulnerability that affects Internet Explorer which if successfully exploited by a person with malicious intent, could lead to remote code execution. It sounds bad, I know. What’s even worse is that exploit code for the vulnerability in question has already been released online.
Advertising
Microsoft has responded by releasing Security Advisory 977981. In it the Redmond-based software giant provides a few additional details:
“Our investigation so far has shown that Internet Explorer 5.01 Service Pack 4 and Internet Explorer 8 on all supported versions of Microsoft Windows are not affected, and that Internet Explorer 6 Service Pack 1 on Microsoft Windows 2000 Service Pack 4, and Internet Explorer 6 and Internet Explorer 7 on supported editions of Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008 are affected. The vulnerability exists as an invalid pointer reference of Internet Explorer. It is possible under certain conditions for a CSS/Style object to be accessed after the object is deleted. In a specially-crafted attack, Internet Explorer attempting to access a freed object can lead to running attacker-supplied code.”
According to Microsoft, no attacks attempting to exploit this vulnerability have been detected. To stay safe IE6 and IE7 users are advised to disable Active Scripting in the Internet and Local intranet security zones. Better yet, you can upgrade to IE8. As security researchers at Symantec have pointed out, it’s only a matter of time until a fully-functional exploit becomes available, so it pays to upgrade.
“The exploit currently exhibits signs of poor reliability, but we expect that a fully-functional reliable exploit will be available in the near future. When this happens, attackers will have the ability to insert the exploit into Web sites, infecting potential visitors. For an attacker to launch a successful attack, they must lure victims to their malicious Web page or a Web site they have compromised. In both cases, the attack requires JavaScript to exploit Internet Explorer,” commented Symantec's Security Intel Analysis Team.
If you would like to get Internet Explorer 8, you can grab it straight from FindMySoft here.
Tags: Microsoft, Internet Explorer, Vulnerability, Security
I Hope you LIKE this blog post! Thank you!
What do YOU have to say about this
blog comments powered by Disqus
Popular News
By George Norman on 28 May 2012
Mozilla introduced a new program meant to educate millions of people, the Mozilla Webmaker program.
By George Norman on 26 May 2012
Piriform updated its products, making CCleaner less annoying and Defraggler a lot faster.Related News
By George Norman on 06 Jan 2012
On the 10th of January 2012, Microsoft will release seven security bulletins as part of its Patch Tuesday program. The aforementioned bulletins are meant to address a total of 8 vulnerabilities that plague the Microsoft Windows operating system and
By George Norman on 12 Mar 2012
A total of six security bulletins will be released on Tuesday, the 13th of March by Microsoft as part of its Patch Tuesday program
By George Norman on 13 Dec 2011
Tuesday, the 13th of December, is December 2011 Patch Tuesday, the last Patch Tuesday of the year. This December Microsoft will release a total of 14 security bulletins to its customers.
By George Norman on 10 Feb 2012
Microsoft has just announced that this February, as part of the Patch Tuesday program, it will roll out a grand total of 9 security bulletins to all customers all over the world.Advertising
Hot Software Updates
Top Downloads
2.
Opera5.
Trillian8.
AIM9.
Skype10.
Ad-Aware12.
Nero13.
Google Earth14.
Picasa15.
Winamp16.
iTunes17.
RealPlayer18.
uTorrent19.
eMule20.
WinRAR21.
BitComet22.
WinZip23.
Shareaza24.
CCleaner25.
Recuva26.
Tweak UI27.
CuteFTP Home29.
Adobe Reader30.
NewsPiperBecome A Fan!
Link To Us!
One More Reason to Upgrade: IE8 Not Affected by New Critical Vulnerability
HTML Linking Code
HTML Linking Code