Monday, December 22, 2008

Serious security flaw found in Internet Explorer

You might be awared that recently, there is a serious security flaw found in Internet Explorer versions 5.01, 6 and 7. The security bug is related to the way Internet Explorer handles XML (Extensible Markup Language), which allows hackers to put and run trojan horse program in your computer without your knowledge, when you visit infected website with unpatched Internet Explorer.

In fact, this exploits have already been rigged into many hacked Chinese language websites. Later, launching of massive SQL injection attacks to thousands of legitimate websites to serve this exploit were also found and over 100,000 websites were affected.

In simple words, if you are using Internet Explorer to browse websites, and you haven't patch up this security flaw via Windows' Automatic Updates service or manually download and install the patch, your computer is vulnerable to the attack, and your password and other information could be exposed and stolen by the hackers. Your computer can also be made use by hackers to launch further attacks to other computers.

This security issue is discussed in Microsoft Security Bulletin MS08-078 (KB-960714) published on 17 December 2008, and rated as Critical by Microsoft. Microsoft has responded quickly and come out with an out-of-band patch. Links to download the security patch for various version of Internet Explorer is available in that article.

Therefore, you should immediately patch up your Internet Explorer, or use other browsers such as Firefox to surf the Internet. However, Firefox has also just released a new version 3.0.5 which fixed up several security issues (which were not as critical as the Internet Explorer's security flaw). Even though you use Firefox (or SeaMonkey suite), it is also advisable for you to update the browser to the latest version.

You may click here to go to the download page of Firefox.

How do you know the security patch has been applied to your computer?

For Windows XP, run the "Add or Remove Programs" in the Control Panel, and ensure the "Show updates" option is selected. You should be able to find the installed patch in the listing under Internet Explorer 7 as "Security Update for Windows Internet Explorer 7 (KB960714)" as shown in the diagram below. You should also ensure that other earlier security patches also installed for your browser.

0 comments:

Post a Comment

Hint: Click on the "Older Posts" link to continue reading, or click here for a listing of all my past 3 months articles.