Exploit in the Wild for New Internet Explorer Flaw — Krebs on Security
Less than 24 hours after Microsoft acknowledged the existence of an unpatched, critical flaw in all versions of its Internet Explorer Web browser, computer code that can be used to exploit the flaw has been posted online.
This was bound to happen, as dozens of researchers were poring over malicious code samples that exploited the flaw, which has generated more interest and buzz than perhaps any other vulnerability in recent memory. The reason? Anti-virus makers and security experts say this was the same flaw and exploit that was used in a series of sophisticated, targeted attacks against Google, Adobe and a slew of other major corporations, in what is being called a massive campaign by Chinese hacking groups to hoover up source code and other proprietary information from these companies.
…
… this is a browse-to-a-nasty-site-and-get-owned kind of vulnerability. As such, Internet users will be far more secure surfing the Web with an alternative browser (at least until Microsoft fixes this problem), such as Google Chrome, Mozilla Firefox, Opera, or Apple’s Safari for Windows.
No doubt there will be a patch soonish, but until then…and even after then for folks who don't patch religiously.
Incidentally, do we actually know all those other browsers are safe, or is it just that no exploits are in the wild yet?
I dont’ even use Internet explorer I switch to firefox a long time ago because i knew Internet Explore had a problem.
Actually, we know that Firefox, Chrome, Safari and Opera all have vulnerabilities. While there are ways to mitigate the risks, some residual risk is inescapable. The risk level depends on your threat model. If you have a motivated, capable and resourceful attacker—say the FBI going after MLK Jr—then odds continue to favor the attacker.
I’m not sure about unpatched vulnerabilities in Lynx….
Even I, a die-hard user of PINE, have dropped Lynx.
You’d think somebody could come out with a safe browser; Half the insecurity seems to come from ‘features’ that are INTENDED to let web sites override the computer user’s preferences. I suppose that just means that a really safe browser would be bare bones.
now with windows 7 i have “deinstalled” internet explorer, but i hope that they make the version 9 of IE much more better
well, M$ shouldn´t just fix security holes.
i hate creating css files for 3 IE-versions… they should finally stick with html like firefox.
atm i use opera ( great usability )
Lynx was a text browser right ?