Oh really? RT @scoopsg: (zdnetasia) S'pore marketeers not chirping to Twitter's tune http://scoo.ps/dpkySs
14 minutes ago by danielgoh on twitter
TOP NEWS: iPhone 4 to ring in Singapore on Friday
ZDNet / News / Security
Microsoft: Hole exploit endangers all IE versions
Summary
Users of Microsoft's browser are at risk from untrusted as well as trusted sites, as attacks seek to drop password stealers and Trojan horses onto systems.
Topics
malware, attack, password, exploit code, internet, trojan horse, blog, game
Events
IT Priorities 2010
Sydney, Australia - 27 Jul 2010
Melbourne, Australia - 28 Jul 2010
Mumbai, India - 4 Aug 2010
Delhi, India - 6 Aug 2010
IDC's Asia/Pacific Cloud Computing Conference 2010
31 Aug 2010
Marriott Hotel, Singapore
An unpatched security hole in Internet Explorer that is being exploited affects all versions of the browser, making it more serious than originally believed when it was first publicized last week, Microsoft says.
Microsoft is investigating reports of attacks against a new vulnerability in IE but said in an update to a security advisory issued late on Thursday that all versions of IE are potentially vulnerable.
The company recommends setting the Internet zone security setting to "high" and using access control lists to disable Ole32db.dll to provide the most effective protection against an attack.
"Our latest information is that there are still limited attacks seeking to load malicious software on vulnerable systems," Christopher Budd writes in the Microsoft Security Response Center blog.
Microsoft has seen several hundred detections of exploits from around the globe, though the sites taking advantage of the vulnerability appear to be hosted on Chinese domains, Microsoft said in a Microsoft Malware Protection Center blog.
"The exploit sites we've seen so far drop a wide variety of malware--most commonly password stealers like new variants of game password stealers like Win32/OnLineGames, and Win32/Lolyda; keyloggers like Win32/Lmir; trojan horse applications like Win32/Helpud along with some previously unseen malware which we generically detect as Win32/SystemHijack," the Malware Protection Center blog says. "We fully expect the variety of malware being dropped by this exploit to broaden as the exploit code starts to circulate around the Internet underground."
People visiting trusted sites could be affected as well from sites targeted by SQL injection attacks through which malicious code is injected into sites, Microsoft says.
A Microsoft spokesman said he could not say when a fix would come. The next Patch Tuesday is scheduled for January 13.
Microsoft's updated advisory lists a number of mitigating factors: Protected Mode in IE 7 and IE 8 in Windows Vista limits the impact of the vulnerability; IE on Windows Server 2003 and 2008 runs in a restricted mode known as Enhanced Security Configuration that sets the security level for the Internet to high; the attacker could only gain the same user rights as the local user; known attacks can not exploit the issue automatically through e-mail.
This article was first published as a blog on CNET News.com.
Access data anywhere in the private cloud & enable entirely new efficiencies with EMC VPLEX.
Tech Vendor: EMC
Tech Vendor: EMC
Latest Stories
ZDNet Asia Live
(zdnetasia) S'pore marketeers not chirping to Twitter's tune http://scoo.ps/dpkySs
15 minutes ago by newsSG on twitter
@mrcolinlim but of course for more tech updates you can always visit zdnetasia.com
39 minutes ago by t_phuck on twitterRT @zdnetasia: Searchable Facebook user data posted to Pirate Bay http://bit.ly/ciJQxY
58 minutes ago by phyllis777loves on topsy
RT @HazelHassan: Facebook led police to Philippine serial killer -- http://ow.ly/2iGnh
1 hour 6 minutes ago by mnajem on twitter
RT @zdnetasia: 10 questions to ask when http://www.zdnetasia.c...
1 hour 8 minutes ago by Zoomicon on twitter
RT @zdnetasia: S'pore marketeers not chirping to Twitter's tune http://bit.ly/bF2aoa
1 hour 12 minutes ago by ellsetan on twitterFacebook led police to Philippine serial killer -- http://ow.ly/2iGnh
1 hour 14 minutes ago by hazelhassan on topsy
Isn't IT ironic?: It's the analogy security firms like to narrate, about a cautious homeowner who pays thousands o... http://bit.ly/9DZIGw
1 hour 20 minutes ago by secureduah on twitter
What the iPhone-jailbreaking ruling means http://bit.ly/aXyEf9
1 hour 34 minutes ago by mobilephone2u on twitter
S'pore marketeers not chirping to Twitter's tune http://bit.ly/dqTRZC
1 hour 46 minutes ago by GaryLambertJr on twitter
S'pore marketeers not chirping to Twitter's tune: Microblog site takes "backseat" in marketing campaigns, say Sing... http://bit.ly/axFgVh
1 hour 56 minutes ago by jeffsharonmtg on twitter
S'pore marketeers not chirping to Twitter's tune http://bit.ly/dgUuGq
2 hours 6 minutes ago by mattbnr on twitter
S'pore marketeers not chirping to Twitter's tune - Internet - News http://tinyurl.com/2bs...
2 hours 6 minutes ago by HotAboutTV on twitter
S'pore marketeers not chirping to Twitter's tune: Marketing via Twitter has not picked up in Singapore, where it s... http://bit.ly/9GEDJS
2 hours 6 minutes ago by OurAwesomeWorld on twitter
great! S'pore marketeers not chirping to Twitter's tune http://bit.ly/dotZES Good day!
2 hours 6 minutes ago by bestwinnernet on twitterWhat the iPhone-jailbreaking ruling means http://ow.ly/18lZBj
2 hours 59 minutes ago by iphoneempire on topsyhttp://bit.ly/8v7Ov3 S'pore marketeers not chirping to Twitter's tune - ZDNet Asia http://is.gd/dSngs
3 hours 6 minutes ago by easytweeting on topsyin the mean time, if you need to find PDF eBooks, you may use http://www.findpdf.us/
3 hours 37 minutes ago by findpdf on Researchers find workaround for Adobe PDF fixJust want to say what a great blog you got here! My appreciation of your work, cause i am an IT student also. Try this one too, http://w...
3 hours 45 minutes ago by winsource on Making the case for Filipino IT entrepreneurshipHi, We have ton of HP empty cartridges. Could you collect them in our office??
Thanks
Thanks Kenneth, for your insights. Good to know people out there can see the issue for what it is, and to do so impassively, that is. ...
2 days 43 minutes ago by yedwin on iPhone 4 shows prudence in procrastinationWhile I agree that the issues with the device have raised many an eyebrow, I think it's unwise to forget that many phone reviews have...
2 days 55 minutes ago by kennethkoh on iPhone 4 shows prudence in procrastinationThe online apple store http://store.apple.com/ is not available now. Maybe it's updating the pricing ;)
2 days 53 minutes ago by mingnow on iPhone 4 to ring in Singapore on FridayAfter an awful silence, finally the prices are out..
2 days 48 minutes ago by melvinchia on iPhone 4 to ring in Singapore on FridayGlad you discovered the Xfce 4.6 magic. Its other endearing feature is its phenomenal configurability. You can make the desktop look and ...
2 days 55 minutes ago by gnome_refugee on Smitten with Xfce 4yep, tried them all and xfce with compiz/emerald instead of fvwm is by far the best experience I've had. If you didn't know ther...
3 days 53 minutes ago by ggolemg on Smitten with Xfce 4@mingnow: why do you think so? How do you think the FOSS community could tackle this issue? I'm involved in a lot of efforts to get t...
3 days 59 minutes ago by fredericmuller on Taobao initiates Chinese open source revolutionGeez. I would think giving free books and getting kids to school would be a better place to start.
3 days 7 minutes ago by mingnow on India's US$35 tablet--how low can it go?I think it's great the that country with the biggest internet population is finally contributing back to the open-source world. I thi...
3 days 53 minutes ago by mingnow on Taobao initiates Chinese open source revolutionhey.there Im Wendy from a PR Agency.I find your blog interesting and well written.In days to come,we would hold an event. Therefore We ...
4 days 24 minutes ago by wendy on iPhone 4 shows prudence in procrastinationIt could be done without all these. Just use the opacity addon of Compiz.
4 days 48 minutes ago by hariks0 on How to get RGBA support in UbuntuKeep Up With ZDNet Asia
Facebook 
RSS Feeds 
Newsletters 
Twitter Inside ZDNet Asia
Sponsored
Stop Waiting Start Switching to Juniper
Free Gartner Report shows it reduces costs and increases efficiency
What makes a hospital a smart hospital?
Download your copy of 'The Smart Hospital' Resource Kit to learn more
2010 IT Salary & Skills Report
Find out the salary range of IT professionals. Join activeTechPros for free access to the report.
