Davey Winder's Blog

IE 6 and 7 hit by hack attack code

By Davey Winder in Editorial

Posted in Security, Internet, Microsoft on November 22, 2009 at 12:59 pm


If, like some 40% or so of Internet users, you are still using Internet Explorer 6 or 7, now might be a good time to upgrade, following news of the publication of some nasty exploit code over the weekend.

According to Symantec, which has quickly tested the exploit code that appeared on the Bugtraq list at insecure.org, the code as it stands is not 100% reliable, but the security researchers expect that a “fully-functional reliable exploit will be available in the near future”. And that means exploit code that will enable websites to be infected, and any IE6 and 7 users with JavaScript enabled to be compromised.

The code, as is and however unreliable, has already been shown to work on IE6 and 7 running under Windows XP SP3, although there are no reports of exploits in the wild as of yet. My hunch is that will all change this week as the bad guys will no doubt be working hard over the weekend to rush out attacks before all the security vendors have updated signatures rolled out. Microsoft will, I imagine, be reactive rather than proactive with a patch only being prioritised after such attacks become widespread.

The code posted exploits a vulnerability in CSS handling in Internet Explorer 6 and 7, and Symantec advises IE users to only visit trusted sites and disable JavaScript until a Microsoft fix appears. Some might suggest switching to Firefox, but given the number of flaws reported lately, upgrading to IE 8 might be a better idea.

Comments

Comment by stygyan - November 22, 2009 on 2:29 pm

These are not hackers, they are HEROES. They’re just giving people another (powerful) reason to upgrade, thus allowing us webdevs and designers to forget and forsake IE6 forever.

Keep on working, guys!

Comment by Suzanne Lavigne - November 22, 2009 on 4:11 pm

…or to Google Chrome. The best one!

Comment by Stu - November 22, 2009 on 6:23 pm

They should put one out that takes all ie6 and ie7 and replaces the html renderer with a black rectangle

Comment by Alan Hogan - November 22, 2009 on 7:36 pm

The user comments are great. And God, I hope that’s Stu Nichols (sp.?) of cssplay.

Pingback by Vista 7 Zero-Day Followed by Internet Explorer 7 Zero-Day | Boycott Novell - November 23, 2009 on 3:23 am

[…] we find that users of Internet Explorer 7 (version 6 also) are under attack due to a zero-day flaw. [hat tip: Tony Manco] According to Symantec, which has quickly tested the […]

Pingback by alsanan.info » Historias de ayer y hoy - November 23, 2009 on 11:33 am

[…] Yesterday: A serious bug in Internet Explorer 8 makes secure sites vulnerable to XSS. Today: Internet Explorer 6 and 7 hit by hacking code. […]

Comment by hurk - November 23, 2009 on 2:23 pm

congrats.
Can we get rid of those annoying versions finally?
