Zero-Day IE Exploit In the Wild

[metadigital]

Zero-Day IE Exploit In the Wild

Posted by kdawson

from the now-delivering-spyware-to-a-pc-near-you dept.

Internet Explorer Security IT

Eric Sites writes to tell us that a new zero-day IE exploit has been found in the wild. It looks to be a bug in VML in IE. The Sunbelt blog notes, "This exploit can be mitigated by turning off Javascripting."

 

linkie 1

linkie 2

[Fionavar]

Ah java and IE - something that has always been an issue. Do you think IE 7.0 will be any more secure?

[Musopticon?]

I changed to Firefox because of this constant crap, although IE does have become increasingly safer by the year.

[Diamond]

I think that Firefox is as buggy as IE, but it is not yet popular enough to become the primary target of malware. It is always nice to have NoScript and SiteAdvisor extensions installed... just in case.

[metadigital]

Ah java and IE - something that has always been an issue. Do you think IE 7.0 will be any more secure?

<{POST_SNAPBACK}>

I doubt it.

 

The problem is that there is a significant population of people who hate Microsoft and want to hurt the company, and their products are complicated and created by large teams.

 

There will always be bugs, regression errors (where a bug that was fixed in one release is not in a subsequent release, due to the bug being added to one development code and that not being used for the newer release, usually due to simultaneous development by more than one team) and general logic flaws (compromises) in the designs.

 

IE 7 is playing catch-up to Firefox, but should be equivalent in features (Opera still has better features that the others are implementing catch-up); I would predict that IE 7 will not be fall behind Firefox by as much (if at all) again, because M$ is now prioritizing it (and must have some spare capacity when Vista rolls out the door).

 

Firefox is regarded as the underdog, so it doesn't attract every script-kiddie trying to make a name for themselves / stick it to da man, though there are viruses and trojans for EVERY OS, including Linux and OS X.

[LadyCrimson]

I'm not sure if this is the same issue or not, but this article says that Microsoft Issues Out-of-Cycle Patch for Critical IE Flaw

 

The article also mentions an exploit for PowerPoint is now being reported by McAfee.

 

This vulnerability comes at a particularly challenging time for Microsoft, according to Siobhan MacDermott, a spokesperson for McAfee.

 

"Not only has Microsoft just released an out-of-cycle patch for a recent VML Fill vulnerability, it is currently trying to convince consumers and businesses that it's a credible provider of security software," he said. "It's like closing the stable door after the horse already bolted. Too little too late."