Microsoft admitted today that a serious flaw in security has left the majority of the world’s internet users exposed to attacks from hackers hoping to steal personal data and passwords.
A loophole in Internet Explorer (IE), the default web browser on most computers, allows criminals to commandeer victims’ PCs by tricking them into visiting unsafe websites.
It is thought that two million computers have already been affected as Microsoft conceded that 1 in 500 internet users may have been exposed.
Computer users are advised by some security experts to switch to an alternative internet browser, such as Firefox or Google Chrome, to avoid the hackers who have so far corrupted an estimated 10,000 websites.
Microsoft said that it is considering the release of an emergency update to correct the flaw. The computing company claims that it has only detected attacks on Internet Explorer 7, the most common version of the browser, but gave warning that other versions are also potentially vulnerable.
The hack was initially devised by Chinese criminals, who have been stealing computer game passwords that can be sold on the black market.
However, Paul Ferguson, a security researcher for Trend Micro Inc, an anti-spyware provider, said that the security breach is so severe that it could be “adopted by more financially motivated criminals for more serious mayhem — that’s a big fear right now”.
Since the security flaw was reported on December 9, Microsoft said that there has been an exponential increase in attacks attempting to make use of the vulnerability. These opportunistic hackers who exploit known security breaches are called “zero-day” attackers.
These threats occur as hackers race against software makers to attack the affected programmes, such as IE, before the known problems are repaired.
“Zero days are unusual — and zero days in the world’s most popular browser on the world’s most popular operating system are really unusual,” said a Trend Micro spokesman. “The threat from it is only going to grow.”
John Curran, a spokesman for Microsoft, said: “Right now it’s affecting about 0.2 per cent of users who may have come in touch with the vulnerability.
“It has the potential to move world wide rather quickly so it’s a significant issue and that’s why Microsoft is working diligently to get it resolved as quickly as possible.
“We are recommending four steps [see below] which would protect you from the vulnerabilities we know today but there could be variations to the vulnerabilities.
“Obviously the chance for this to be exploited is there.”
The company is telling users to employ a series of complicated workarounds to minimise the threat. It has been suggested that increasing the internet security zone level to high and disabling Ole32db.dll in the access control list could help protect a computer.
Some security experts, though, have advised IE users switch to another browser until an update is released. The next scheduled patch is not due until January 13 but it is not unusual for Microsoft to release an emergency patch.
Microsoft have struggled to build an appropriate patch thus far because the affected component is at the very core of the IE programme and any changes to the central code could cause a number of unexpected side-effects.
Microsoft’s advice for Internet Explorer users
1. Keep your anti-virus up-to-date. Microsoft has circulated the definitions of these vulnerabilities to all the major anti-virus providers.
2. Reset Internet Explorer to run in protected mode. This is the default mode in Windows Vista but not XP or the earlier versions.
3. Set zone security to high.
4. Ensure Windows is updated. You can do this manually through Windows updater or set it to automatic updates.
More complex and comprehensive approaches are listed on the Microsoft website .
http://www.microsoft.com/technet/security/advisory/961051.mspx
Join the official YWN WhatsApp status
15 Responses
Hi, I’m a MAC and this is another reason why NOT to be a PC!
Use MOZILLA FIREFOX
odd that nothing about this on microsoft’s website
Yet another reason why anyone still using IE should have switched to Firefox long ago.
Google Chrome is a nice browser, too, although it needs some more work, but they call it “beta” for a reason. 😉
The Yeshiva Insider
That link at the bottom of the story aint Microsoft’s website? 🙂
I just recently used microsoft tech support and they really were amazing!!! Patient and helpful… and they helped me for free and called me back to make sure everything was working ok!! Hopefully they will get this under control but any hacker virus issues get in touch with them and they will be very helpful!
Microsoft is releasing a patch for this flaw today (Wednsday). If you have auto updates turned on you will automatically receive the patch.
To #4 – Google Chrome is no longer in Beta. They came out of beta last week.
As for Firefox being better, the only reason why there are not so many security problems with FF is because not as many people use it. If you were a hacker wouldn’t you target the browser that most people use? IE still has 70% of the market share. I personally find that Firefox hogs alot more of my computers RAM than IE does.
Can someone please explain what Firefox is and how to get/use it?
thanks!
#8,
http://www.Firefox.com
#7 can u provide a link if i dont have auto date
FIREFOX- The ultimate in browsing. Kicks all the rest in simplicity and geshmakeit!
to # 3-
odd that nothing about this on microsoft’s website
Comment by PM — December 16, 2008 @ 11:41 pm
????????? DO YOU READ????
4. Ensure Windows is updated. You can do this manually through Windows updater or set it to automatic updates.
More complex and comprehensive approaches are listed on the Microsoft website .
http://www.microsoft.com/technet/security/advisory/961051.mspx
As someone who’s been actively involved in Internet development for 13 years, I find this to be a great opportunity to point out that there are many alternatives in the software world. As a rule, those alternatives are superior to Microsoft’s offerings.
If you are running Windows, then odds are that when you want to access the Web you run a program (known as a web browser) called Microsoft Internet Explorer. That’s the program whose icon is pictured at the top of this article. I’ve found that most people don’t realize that this is not their only option. They use it because it came with their computer and it never occurred to them that they have other options. There are many other web browsers available and every one of them is superior in security, reliability, flexibility, and (although this is subjective) usability. The general experience of a web developer (at least all those with whom I’ve commiserated) is that it is relatively easy to develop for most browsers, and then we have to contort ourselves into pretzels to work around IE’s (Internet Explorer’s) bugs. From a security perspective, although all programs have issues, IE has been egregiously bad — in terms of number of security flaws and response time in fixing them. A long touted defense has been as #7 stated that IE is a more appealing target since it more people use it. That explanation could work if there were just *relatively* more flaws found in IE, however the number of flaws found in IE are way out proportion to its competitors. It really is a dissatisfying product. As #7 points out in his conclusion, the competitors are not flawless gems, but even the weakest of them trounces IE.
In any case, I’d highly recommend trying out the alternatives. If you don’t like them, just go back to using IE. They’re easy to install and you can run different browsers at the same time, so it’s not like you’re committing to anything. Without fail, everyone who has switched browsers has been happy with the results. (to speak nothing of those who have switched operating systems! Everyone who has switched to Macintosh has loved it!)
The top alternative browsers are:
* Firefox
* Google Chrome
* Opera
* Apple Safari
I personally use the first two (Firefox and Chrome). Chrome is lightweight and a joy to use, especially if you have many pages open at once (which I often have when I’m doing research). Firefox is a little heavy by comparison (but still somewhat lighter than IE). I like to use it for its content filters and 3rd party enhancement “Add-ons”. Both are very stable and usable. I haven’t played with Opera in years, so I can’t comment. And I use Safari on my Mac, but have never tried it on my PC. If I had to pick one to suggest, I’d say Chrome.
The websites for downloading these browsers are:
* Firefox: http://www.firefox.com
* Google Chrome: http://www.google.com/chrome/
* Opera: http://www.opera.com
* Apple Safari: http://www.apple.com/safari/
I always used IE until recently, but i find it slow and has extremely annoying glitches. Google chrome is really a pleasure to use compared to Microsoft Windows!! I just downloaded mozilla firefox too I like it so far, but I like Chrome better.