Security experts warn of bug in Internet Explorer

No primary category set

According to security experts from Rapid 7, there is a new security vulnerability which affects all the latest versions of Internet Explorer (IE7, IE8 and IE9) on Windows XP, Windows Vista and Windows 7.

Currently there is no fix from Microsoft, although doubtless this will come in due course. However I’ve also heard from several Windows 7 users that they’re having difficulties applying the latest fixes from Microsoft Windows Update, so even when the fix becomes available you may find you can’t install it. The updates KB273500 and KB2660649 appear particularly troublesome but other updates will install if you manually exclude these when you attempt to update your computer.

Apparently the latest Internet Explorer exploit can be triggered simply by visiting an infected website and gives the attacker the same privileges as the current user. That means if you’re logged in as a Windows administrator you’re especially vulnerable, although it’s serious enough even if you’re only logged in as a standard user.

Rapid 7 advise that until an update is available from Microsoft you use alternative Internet browsers such as Firefox or Chrome. That’s easier said than done however as so many other programs are totally reliant on Internet Explorer. Even eBay’s TurboLister requires IE to run as do a myriad of other utilities from hundreds of software vendors around the world.

It’s expected that Microsoft may issue a Security Advisory regarding the new exploit. In the mean time try not to use IE unless you absolutely have to.

18/9/12 Edited to add:

Microsoft have now issued security advisory 2757760 with a workaround to protect computers against the vulnerability. In truth it’s far to complex for most people to configure and may result in some websites being unreachable and some software not operating correctly. Microsoft have yet to issue a fix through Windows Update.

RELATED POSTS..

Shopify Amazon Pay to end - Amazon respond with increased reserves

Shopify Amazon Pay to end – Amazon respond with increased reserves

Temu MASA Certification for User Security and Privacy

Temu MASA Certification for User Security and Privacy

Amazon Disbursements held due to unmet UK business establishment requirements unfreeze disbursements says Minister

Enterprise minister tells Amazon unfreeze disbursements

Amazon Disbursements held due to unmet UK business establishment requirements unfreeze disbursements says Minister

Amazon Disbursements held due to unmet UK business establishment requirements

Ecommerce SNAFU - Swearing & Cancelled Deliveries

Ecommerce SNAFU – Swearing & Cancelled Deliveries

Featured in this article from the ChannelX Guide – companies that can help you grow and manage your business.

Register for Newsletter

Receive 5 newsletters per week

Gain access to all research

Be notified of upcoming events and webinars