IE 6 and 7 hit by hack attack code
By Davey Winder in Editorial
Posted in Security, Internet, Microsoft on
If like some 40% or so of Internet users you are still using Internet Explorer 6 or 7, now might be a good time to upgrade following news of the publication of some nasty exploit code over the weekend.
According to Symantec, which has quickly tested the exploit code that appeared on the Bugtraq list at insecure.org, the code as it stands is not 100% reliable but the security researchers expect that a “fully-functional reliable exploit will be available in the near future”. And that means exploit code that will enable websites to be infected, and any IE6 and 7 users with JavaScript enabled to be compromised.
The code, as is and however unreliable, has already been shown to work on IE6 and 7 running under Windows XP SP3, although there are no reports of exploits in the wild as of yet. My hunch is that will all change this week as the bad guys will no doubt be working hard over the weekend to rush out attacks before all the security vendors have updated signatures rolled out. Microsoft will, I imagine, be reactive rather than proactive with a patch only being prioritised after such attacks become widespread.
The code posted exploits a vulnerability in CSS handling in Internet Explorer 6 and 7, and Symantec advises IE users to only visit trusted sites and disable JavaScript until a Microsoft fix appears. Some might suggest switching to Firefox, but given the number of flaws reported lately upgrading to IE 8 might be a better idea.
Pingback by - November 22, 2009 on 1:13 pm
[…] IT PRO: Blogs: Davey Winder: IE 6 and 7 hit by hack attack code www.itpro.co.uk/blogs/daveyw/2009/11/ – view page – cached , If like some 40% or so of Internet users you are still using Internet Explorer 6 or 7, now might be a good time to upgrade following news of the publication […]
Comment by stygyan - November 22, 2009 on 2:29 pm
These are not hackers, they are HEROES. They’re just giving people another (powerful) reason to upgrade, thus allowing us webdevs and designers to forget and forsake IE6 forever.
Keep on working, guys!
Comment by Suzanne Lavigne - November 22, 2009 on 4:11 pm
…or to Google Chrome. The best one!
Comment by Stu - November 22, 2009 on 6:23 pm
They should put one out that takes all ie6 and ie7 and replaces the html renderer with a black rectangle
Comment by Alan Hogan - November 22, 2009 on 7:36 pm
The user comments are great. And God, I hope that’s Stu Nichols (sp.?) of cssplay.
Pingback by - November 23, 2009 on 3:23 am
[…] we find that users of Internet Explorer 7 (version 6 also) are under attack due to a zero-day flaw. [hat tip: Tony Manco] According to Symantec, which has quickly tested the […]
Pingback by - November 23, 2009 on 11:33 am
[…] Ayer: Un grave error en Internet Explorer 8 hace que sitios seguros se conviertan en vulnerables a XSS. Hoy: Internet Explorer 6 y 7 golpeados por un código de hackeo. […]
Comment by hurk - November 23, 2009 on 2:23 pm
congrats.
Can we get rid of those annoying versions finally?
Comment by cici - December 17, 2009 on 1:40 am
top edhardy jewelry www.lookedhardy.com
Comment by cici - December 27, 2009 on 6:09 am
top edhardy jeans www.lookedhardy.com
Comment by cc - January 4, 2010 on 7:52 am
edhardy knits www.lookedhardy.com
Comment by iodiskefs - June 5, 2011 on 7:22 pm
тое што я шукаў, дзякуй
Make a comment
Tag cloud
Archives
- June 2010
- May 2010
- April 2010
- March 2010
- February 2010
- January 2010
- December 2009
- November 2009
- October 2009
- September 2009
- August 2009
- July 2009
- June 2009
- May 2009
- April 2009
- March 2009
- February 2009
- January 2009
- December 2008
- November 2008
- October 2008
- September 2008
- August 2008
- July 2008
- June 2008
- May 2008
- April 2008
- March 2008
- February 2008
- January 2008
- December 2007
- November 2007
- October 2007
- September 2007
- August 2007
- July 2007
- June 2007
- May 2007
- April 2007
- March 2007
- February 2007
- January 2007
- December 2006
- November 2006
- October 2006
- September 2006
- August 2006
Most commented posts
- 80 percent of viruses love Windows 7
165 comments
- Has Microsoft gone mental?
- Has the US Army declared war on Windows 7?
- Cuil frozen out: market share drops to next to nothing
- Xbox 360 FAIL
- The 24GB RAM Desktop is born
- Use old version of Windows instead of Linux, says teacher
- Microsoft reveals time-based licensing model
- How Marblecake Hacked Time
- Nexus Two - The Next Generation
Highest Rated Blog Posts
- Why ecommerce fails (100%)
- Google Chrome stands alone at PWN2OWN (100%)
- Betting on Hubdub technology (100%)
- Has Google gone insane as GMail goes back to beta? (100%)
- Chinese whispers as government implicated in UK hack attacks (100%)
- Crimeware toolkit targets 10,000 trusted sites (100%)
- Black Hat risk to migrating VMs (100%)
- Tough on cyber crime, tough on the causes of cyber crime (100%)
- Firefox 3, Beta 4, Enhancements 900, Tested 5 (100%)
- Has the US Army declared war on Windows 7? (100%)

