Sunday, January 17, 2010

New attack vector via IE may prompt out of cycle hot-fix from Microsoft

From http://www.itworld.com/security/93009/attack-code-used-hack-google-now-public
and http://news.cnet.com/8301-27080_3-10436083-245.html

“The dangerous Internet Explorer [ exploit ] attack code used in last month's attack on Google's corporate networks is now public.”

Short summary of action items:

If anyone you know still uses IE 6 or 7 – for any reason – get them to upgrade ASAP. IE 8 might be vulnerable on XP, likely not on Windows 7 at default security settings (although if the end-user has lowered security defaults on the Internet Zone, or turned off Protected Mode, then all bets are off.)

Firefox 3.5.7 with current versions of the NOScript + Adblock Plus plugins installed and properly used by the end-user is a fairly safe browsing tool.

Not browsing the web until a hot-fix is released is not likely a satisfactory solution, but tempting none-the-less . . .