Davey Winder's Blog

IE 6 and 7 hit by hack attack code

By Davey Winder in Editorial

Posted in Security, Internet, Microsoft on November 22, 2009 at 12:59 pm


If, like some 40% or so of Internet users, you are still using Internet Explorer 6 or 7, now might be a good time to upgrade, following news of the publication of some nasty exploit code over the weekend.

According to Symantec, which has quickly tested the exploit code that appeared on the Bugtraq list at insecure.org, the code as it stands is not 100% reliable but the security researchers expect that a “fully-functional reliable exploit will be available in the near future”. And that means exploit code that will enable websites to be infected, and any IE6 and 7 users with JavaScript enabled to be compromised.

The code, as is and however unreliable, has already been shown to work on IE6 and 7 running under Windows XP SP3, although there are no reports of exploits in the wild as of yet. My hunch is that will all change this week as the bad guys will no doubt be working hard over the weekend to rush out attacks before all the security vendors have updated signatures rolled out. Microsoft will, I imagine, be reactive rather than proactive with a patch only being prioritised after such attacks become widespread.

The code posted exploits a vulnerability in CSS handling in Internet Explorer 6 and 7, and Symantec advises IE users to visit only trusted sites and to disable JavaScript until a Microsoft fix appears. Some might suggest switching to Firefox, but given the number of flaws reported lately, upgrading to IE 8 might be a better idea.

Comments

Pingback by Twitter Trackbacks for IT PRO: Blogs: Davey Winder: IE 6 and 7 hit by hack attack code [itpro.co.uk] on Topsy.com - November 22, 2009 on 1:13 pm

[…] IT PRO: Blogs: Davey Winder: IE 6 and 7 hit by hack attack code www.itpro.co.uk/blogs/daveyw/2009/11/ – view page – cached , If like some 40% or so of Internet users you are still using Internet Explorer 6 or 7, now might be a good time to upgrade following news of the publication […]

Comment by stygyan - November 22, 2009 on 2:29 pm

These are not hackers, they are HEROES. They’re just giving people another (powerful) reason to upgrade, thus allowing us webdevs and designers to forget and forsake IE6 forever.

Keep on working, guys!

Comment by Suzanne Lavigne - November 22, 2009 on 4:11 pm

…or to Google Chrome. The best one!

Comment by Stu - November 22, 2009 on 6:23 pm

They should put one out that takes all ie6 and ie7 and replaces the html renderer with a black rectangle

Comment by Alan Hogan - November 22, 2009 on 7:36 pm

The user comments are great. And God, I hope that’s Stu Nichols (sp.?) of cssplay.

Pingback by Vista 7 Zero-Day Followed by Internet Explorer 7 Zero-Day | Boycott Novell - November 23, 2009 on 3:23 am

[…] we find that users of Internet Explorer 7 (version 6 also) are under attack due to a zero-day flaw. [hat tip: Tony Manco] According to Symantec, which has quickly tested the […]

Pingback by alsanan.info » Historias de ayer y hoy - November 23, 2009 on 11:33 am

[…] Yesterday: A serious bug in Internet Explorer 8 makes secure sites vulnerable to XSS. Today: Internet Explorer 6 and 7 hit by hack code. […]

Comment by hurk - November 23, 2009 on 2:23 pm

congrats.
Can we get rid of those annoying versions finally?


Comment by iodiskefs - June 5, 2011 on 7:22 pm

What I was looking for, thanks
