Saturday, December 8, 2007

Microsoft Internet Explorer Flaw

Microsoft acknowledges a vulnerability in Internet Explorer 7 and rushes out a fix


Microsoft IE7 to Patch
Microsoft went to work to fix a vulnerability in how Windows Internet Explorer handles URIs (Uniform Resource Identifiers). The fix addresses the way Internet Explorer 7 interacts with other programs. But with no fix available at the time, using IE7 on Windows XP machines is risky business.

The vulnerability in IE 7 lies in how it interacts, via the URI handler, with products such as Adobe's Acrobat Reader or Mozilla's Firefox. At first, Microsoft pointed the finger at Firefox. Then, after acknowledging that the problem was its own, the company worked slowly on a fix because no known exploit existed at the time. It went into a frenzy when a Trojan horse attack started infecting machines in October.

The Trojan horse attack, which a user receives as an infected PDF, relies on an old social-engineering ploy that malware filters usually don't vet. It tricks you into clicking the link by carrying a subject line such as "invoice" or "bill".

Adobe patched Reader, but that only covers one end of the wormhole. Microsoft's patch has been in testing for quite a while, and may remain in that state for some time. For now, try to avoid using Windows Internet Explorer 7 to browse suspicious sites. Consider alternatives, such as Firefox version 2.0.0.6 and up, which already has a patch for the URI vulnerability.

Opening e-mail attachments is growing riskier. A Microsoft report found that the first half of 2007 saw a 150 percent increase in phishing scams and a 500 percent increase in malicious payloads.

Get the Adobe Reader patch from Adobe's site if you don't have the PDF fix yet.
