Internet Explorer 6 and 7 Vulnerable to Zero-day AttackAccording to the Web security company Symantec, a newly-found security flaw in Internet Explorer 6 and 7 is making Web-surfers susceptible to malware attack from compromised and malicious websites. While no patch is yet ready for the flaw, anti-malware providers are looking to develop fresh detection signatures. Symantec states that Microsoft IE's previous versions can be attacked because of a new flaw within its CSS (Cascading Style Sheets). While disclosing the flaw via its company blog, the firm states that even as the malware displayed its weak reliability features, Symantec anticipates that an effective attack code would appear very soon. The flaw, which is associated with mshtml.dll, can be subjected to exploitation from websites using malicious JavaScript. Indeed, many illegal websites, which have already found the vulnerability, have asserted that exploiting it is not a difficult task. In case of a successful exploitation, it could lead to the crash down of the browser or help in running arbitrary code provided the user is made to access a malevolent website. Symantec also states that malware targeting the flaw can be spotted with the existing antivirus signature namely Bloodhound.Exploit.129 along with the two others namely the HTTP Malicious JavaScript Heap Spray BO IPS and HTTP Microsoft IE Generic Heap Spray BO. However, since the reliability of these signatures isn't perfect, the security company is trying to develop new signatures for the flaw. Although IE 8 has long supplanted IE 6 and 7, still versions 6 and 7 are much popular among enterprises and people because of their familiarity and compatibility. Nonetheless, security specialists suggest that computer users must deploy version 8. According to the specialists, users can best ward off the malware infection by making sure that the most recent updates and security patches are in place. More specifically, users must disable their JavaScript as well as visit only reputed websites till the time Microsoft issues a patch to fix the flaw. Separately, Microsoft has substantiated that proof-of-concept exploit exists for the vulnerability in IE 6 and 7 and it is looking into the matter. Related article: Internet Threat Volumes Overwhelm Security Companies ยป SPAMfighter News - 12/3/2009 |
Dear Reader
We are happy to see you are reading our IT Security News.
We do believe, that the foundation for a good work environment starts with fast, secure and high performing computers. If you agree, then you should take a look at our Business Solutions to Spam Filter & Antivirus for even the latest version of Exchange Servers - your colleagues will appreciate it!



