Microsoft is warning of a large increase in the number of attacks aimed at an Internet Explorer vulnerability left unpatched last week. Some of the early attacks originated from a compromised Hong Kong pornserver, but the number of infected legitimate sites is in the thousands and climbing rapidly.
Microsoft is warning of a large increase in the number of attacks aimed at an Internet Explorer vulnerability left unpatched last week. Some of the early attacks originated from a compromised Hong Kong pornserver, but the number of infected legitimate sites is in the thousands and climbing rapidly.The XML attacks that began to be tracked late last week were originally thought to affect only Internet Explorer 7; current feeling is that all versions of Explorer are at risk.
Microsoft's initial warning, released Saturday, noted the compromised Hong Kong porn site, but also commented on the spread of the Trojan-dropping exploit to less prurient sites, including a Taiwanese search engine, later cleaned.
Microsoft estimated that 0.2 percent of the world's computers had been exposed to compromised sites, which number in the thousands.
The IE vulnerability is about as widespread through the browser's versions and iterations as possible. Microsoft's Security Advisory notes that the problem exists on:
"Windows Internet Explorer 7 on supported editions of Windows XP Service Pack 2, Windows XP Service Pack 3, Windows Server 2003 Service Pack 1, Windows Server 2003 Service Pack 2, Windows Vista, Windows Vista Service Pack 1, and Windows Server 2008. Microsoft Internet Explorer 5.01 Service Pack 4, Microsoft Internet Explorer 6 Service Pack 1, Microsoft Internet Explorer 6, and Windows Internet Explorer 8 Beta 2 on all supported versions of Microsoft Windows are potentially vulnerable."
The same advisory includes workarounds aimed at minimizing the risk.
Best way to avoid the risk, though, might be to shift to Firefox.
About the Author(s)
You May Also Like
Beyond Spam Filters and Firewalls: Preventing Business Email Compromises in the Modern Enterprise
April 30, 2024Key Findings from the State of AppSec Report 2024
May 7, 2024Is AI Identifying Threats to Your Network?
May 14, 2024Where and Why Threat Intelligence Makes Sense for Your Enterprise Security Strategy
May 15, 2024Safeguarding Political Campaigns: Defending Against Mass Phishing Attacks
May 16, 2024
Black Hat USA - August 3-8 - Learn More
August 3, 2024Cybersecurity's Hottest New Technologies: What You Need To Know
March 21, 2024