Tidal Fish Forum banner

Microsoft Critical Security Update

1947 Views 10 Replies 5 Participants Last post by  hookinfinger
Just a heads up. In case you have not read about it, Microsoft detected a serious security flaw in the Internet Explorer browser. It has been discussed on TV and in the newspapers all week.

It has been reported that possibly millions of computers have been hacked worldwide. Microsoft came out with a security patch late yesterday that they recommend that you download it immediately. If you have your computer set for automatic updates, you probably already know about this.

If not, you can download the update here. Just click on express. You will have to restart your computer after the update is installed.


Or here: http://www.microsoft.com/downloads/d...displaylang=en

If you use Mozilla products:

Mozilla Firefox 3.0.5
Mozilla Firefox
Mozilla Thunderbird
Mozilla SeaMonkey 1.1.14

Due to Dec16 2008
Mozilla Foundation Security Advisories

More information.

Internet Explorer users told to switch browsers over flaw

Users of Microsoft's Internet Explorer have been warned of a flaw that could let hackers gain access to their computers and steal personal data, and told them to swap to a rival browser.
The flaw was spotted last week when hackers started attacking users of IE 7. The flaw, however, has also been found in earlier versions of Microsoft's browser, IE 5 and IE 6.
Because IE is used by seven out of every ten computers in the world, the flaw is potentially very serious. So far, however, it only seems to have been used to steal computer game code from rival gamers.
Microsoft is trying to put together a patch, but in the meantime computer users have been advised to update their security settings or switch to unaffected browsers such as Firefox or Opera.
The latter scored highest in a recent set of tests of how browsers deal with password security, by security consultants Chapin Information Services. Firefox came second with IE mid-table. Google's new browser, Chrome, and Safari 3.2 for Windows tied in last place.
The flaw in IE allows criminals to gain control of computers that have visited a website infected with malicious code designed to exploit it. While restricting web surfing to trusted sites should reduce the risk of infection, the malicious code can be injected into any website. Users do not have to click or download anything to become infected, merely visiting an infected website is sufficient.
Antivirus software specialists Trend Micro believe as many as 10,000 sites have been hacked to exploit the flaw. Sites that have been compromised so far, however, are mostly Chinese and the attackers seem intent on stealing people's computer game passwords in order to sell them on the black market rather than looking for personal details such as bank accounts.
It is known as a "zero-day" attack because it exploits a security vulnerability on the same day that the vulnerability became generally known. Usually there is a "window of vulnerability" between when the flaw is discovered and when the vendor issues a patch. The hope is that the vendor issues the patch before writers of so-called "malware" can exploit the flaw. If the malware writers have the flaw first, then the vendor has "zero days" to create a patch.
"Microsoft is continuing its investigation of public reports of attacks against a new vulnerability in IE," the company said in a security alert updated yesterday. "We are actively investigating the vulnerability that these attacks attempt to exploit. We will continue to monitor the threat environment and update this advisory if this situation changes."
"On completion of this investigation, Microsoft will take the appropriate action to protect our customers, which may include providing a solution through a service pack, our monthly security update release process, or an out-of-cycle security update, depending on customer needs."
What should Internet Explorer users do?
• Change the program's internet zone security setting to "high". This should protect against all known exploits of this vulnerability by disabling scripting and disabling less secure features in IE. It is, however, likely to slow down a user's web experience.
• Log out of your computer and create a new user account which has limited rights to change the PC's settings. Log in as that user. This should reduce the chances of anyone being able to exploit the flaw should your computer become infected.
• Keep antivirus software up to date. This is likely to have only limited effect as most antivirus software packages only investigate files that are downloaded from the internet, rather than looking at every page visited.
• Switch to another browser, preferably Firefox. This is by far the best option.

See less See more
1 - 1 of 11 Posts
Thanks Dennis, kind of hard to get too excited about these MS annoucements when they happen at least once per week.

What really ticks me off about MS is you can buy protection from MS for extra $$$ (MS Live One and Windows Defender). So basically they build an operating system that is vulnerable to attacks and they have the ability to protect their operating but if you want the protection you have to pay extra. So WTF...MS has the ability to protect computers but they chose not to so they can sell us additional protection products....what a freaking scam.
1 - 1 of 11 Posts
This is an older thread, you may not receive a response, and could be reviving an old thread. Please consider creating a new thread.