Published in yesterday's Register newsletter.
_______________________________________

Unpatched IE vuln exploited by adware

By John Leyden

Detailed information on a brace of unpatched vulnerabilities in Internet Explorer has been posted onto a dull disclosure mailing list. The flaws involve a cross-zone scripting vuln and a bug in IE's Local Resource Access and pose an "extremely critical" risk to Windows users, according to security firm Secunia. The vulnerabilities affect both Internet Explorer 6 and Outlook.

Secunia has confirmed the vulnerabilities in a fully patched system with Internet Explorer 6.0. Improved security features in the XP SP2 reportedly block exploitation but users would be ill advised to rely on beta code for protection. SP2 doesn't help users of earlier versions of Windows who are also at risk.

The vulnerabilities are actively being exploited in the wild to install adware on users' systems, security researchers warn. Other exploits - include computer viruses - based on the same techniques of tricking users into visiting a maliciously constructed website housing malign script could follow.

Etienne Greeff, director at MIS Corporate Defence Solutions, said: "This is a very sophisticated exploit using encryption and stealth technologies to deliver its payload, using previously unknown vulnerabilities to work."

Windows users should disable Active Scripting support for all but trusted websites until Microsoft releases patches to address the vulnerabilities. The vulnerabilities were publicised by a Dutch 'white hat hacker' called Jelmer, who came across an example of an exploit of the flaws already in circulation last weekend. ®

Motor cooled down, heat went down, that's when I heard that reinstall sound

IronMan,

Thanks for that, and some, do that already. Even for trusted sites ;-)

"Windows users should disable Active Scripting support for all but trusted websites until Microsoft releases patches to address the vulnerabilities."

CrazyOne

IE viruses,IE spyware,IE trojans,IE is a piece of junk.they money Billy boy makes he should start makin something a little better then IE.IN a matter of fact he should make a safer Os.People pay all this money for what?Stress,"OH!! Microsoft is a safe os".What a joke.There is 14,15 year olds that can easliy get past anything Microjunk has to offer.How can anyone stand behind microcrap that his main goal in life is to rule the world?His main goal is not your safety,if you believe this hogwash then your foolin yourself.How can anyone pay that Windows is the safest Os around.Pull up some history and archives, and you will see who is safe.People pay 200.00 for what?My car alarm is safer then windows and it cost me 150.00bux.And to top that it doest cost me a few hundred dollars a month on antidepressant pills.I have had linux for many many years without 1 virus,and spyware.and i dont have 50 security software installed on my pc to keep me safe from all that crap.People are paying big bucks for looks,and not for security.

Jake

I eagerly await the software you produce which will do better than IE and Windows.

Derek.W

We have set up a dedicated forum regarding this topic. If you are interested, it can be found at: http://forums.kurczaba.com/forum_topics.asp?FID=11

Paul Kurczaba
Kurczaba Associates

Thanks Paul Kurczaba. I've posted a new link to this.

Derek.W