Davey Winder's Blog

IE 6 and 7 hit by hack attack code

By Davey Winder in Editorial

Posted in Security, Internet, Microsoft on November 22, 2009 at 12:59 pm


If, like some 40% or so of Internet users, you are still using Internet Explorer 6 or 7, now might be a good time to upgrade, following news of the publication of some nasty exploit code over the weekend.

According to Symantec, which has quickly tested the exploit code that appeared on the Bugtraq list at insecure.org, the code as it stands is not 100% reliable but the security researchers expect that a “fully-functional reliable exploit will be available in the near future”. And that means exploit code that will enable websites to be infected, and any IE6 and 7 users with JavaScript enabled to be compromised.

The code, as is and however unreliable, has already been shown to work on IE6 and 7 running under Windows XP SP3, although there are no reports of exploits in the wild as of yet. My hunch is that will all change this week as the bad guys will no doubt be working hard over the weekend to rush out attacks before all the security vendors have updated signatures rolled out. Microsoft will, I imagine, be reactive rather than proactive with a patch only being prioritised after such attacks become widespread.

The code posted exploits a vulnerability in CSS handling in Internet Explorer 6 and 7, and Symantec advises IE users to only visit trusted sites and disable JavaScript until a Microsoft fix appears. Some might suggest switching to Firefox, but given the number of flaws reported lately, upgrading to IE 8 might be a better idea.

Comments

Pingback by Twitter Trackbacks for IT PRO: Blogs: Davey Winder: IE 6 and 7 hit by hack attack code [itpro.co.uk] on Topsy.com - November 22, 2009 on 1:13 pm

[…] IT PRO: Blogs: Davey Winder: IE 6 and 7 hit by hack attack code www.itpro.co.uk/blogs/daveyw/2009/11/ – view page – cached , If like some 40% or so of Internet users you are still using Internet Explorer 6 or 7, now might be a good time to upgrade following news of the publication […]

Comment by stygyan - November 22, 2009 on 2:29 pm

These are not hackers, they are HEROES. They’re just giving people another (powerful) reason to upgrade, thus allowing us webdevs and designers to forget and forsake IE6 forever.

Keep on working, guys!

Comment by Suzanne Lavigne - November 22, 2009 on 4:11 pm

…or to Google Chrome. The best one!

Comment by Stu - November 22, 2009 on 6:23 pm

They should put one out that takes all ie6 and ie7 and replaces the html renderer with a black rectangle

Comment by Alan Hogan - November 22, 2009 on 7:36 pm

The user comments are great. And God, I hope that’s Stu Nichols (sp.?) of cssplay.

Pingback by Vista 7 Zero-Day Followed by Internet Explorer 7 Zero-Day | Boycott Novell - November 23, 2009 on 3:23 am

[…] we find that users of Internet Explorer 7 (version 6 also) are under attack due to a zero-day flaw. [hat tip: Tony Manco] According to Symantec, which has quickly tested the […]

Pingback by alsanan.info » Historias de ayer y hoy - November 23, 2009 on 11:33 am

[…] Yesterday: A serious flaw in Internet Explorer 8 makes secure sites vulnerable to XSS. Today: Internet Explorer 6 and 7 hit by hacking code. […]

Comment by hurk - November 23, 2009 on 2:23 pm

congrats.
Can we get rid of those annoying versions finally?

Comment by iodiskefs - June 5, 2011 on 7:22 pm

what I was looking for, thank you
