Friday, January 07, 2005

Internet Explorer Flaws Just Got Very Serious

A security company is warning that three unpatched flaws in Internet Explorer now pose a very high danger. Its emergency warning comes after code to exploit one of the issues was published to the Internet.

The company, Secunia, has raised its rating of the vulnerabilities in Microsoft's browser to "extremely critical," its highest rating. The flaws, which affect IE 6, could enable attackers to place and execute programs such as spyware and pornography dialers on victims' computers without their knowledge. Exploit code for one of the vulnerabilities, a flaw in an HTML Help control, was published on the Internet on Dec. 21.

The exploit code can be used to attack computers running Windows XP even if Microsoft's Service Pack 2 has been installed. Secunia is advising people to disable IE's ActiveX support as a preventative measure until Microsoft develops a patch for the problem. It also suggests using another browser product.

According to Secunia, Microsoft has known about these flaws for three months but has not yet issued a security fix. Microsoft said it is investigating the public reports of the exploit, adding that the delay in fixing the IE flaws was related to the extensive work needed to produce an effective patch.

Secunia offers users the ability to conduct an online test of their systems to see if they are vulnerable. But it just might be time for you to change browsers.
