June 13th, 2012, 02:38 PM #1
IE zero-day attack used to hijack GMail accounts
'State-sponsored attackers' using IE zero-day to hijack GMail accounts | ZDNet
By Ryan Naraine | June 13, 2012, 9:36am PDT
Summary: Microsoft’s advisory speaks of “active attacks” and follows a separate note from Google that references the IE flaw “being actively exploited in the wild for targeted attacks.”
Microsoft and Google have separately warned about a new Internet Explorer zero-day being exploited to break into GMail accounts.
The browser flaw, which is currently unpatched, expose Windows users to remote code execution attacks with little or no user action (drive-by downloads if an IE users simply surfs to a rigged site).
Microsoft’s advisory speaks of “active attacks” and follows a separate note from Google that references the IE flaw “being actively exploited in the wild for targeted attacks.”Microsoft’s explanation of the issue
The vulnerability could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker would have no way to force users to visit such a website. Instead, an attacker would have to convince users to visit the website, typically by getting them to click a link in an email message or Instant Messenger message that takes them to the attacker’s website. The vulnerability affects all supported releases of Microsoft Windows, and all supported editions of Microsoft Office 2003 and Microsoft Office 2007.
The vulnerability exists when MSXML attempts to access an object in memory that has not been initialized, which may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the logged-on user.They say technology slows down for no one. I know it outruns my wallet. I figure its because my wallet isn't light enough yet.
TechIMO Folding@home Team #111 - Crunching for the cure!
dulce bellum inexpertis
June 13th, 2012, 05:42 PM #2
- Join Date
- Oct 2001
- Blog Entries
Simple fix use another browser
June 14th, 2012, 12:25 AM #3
Another reason why I hate IE and love Firefox.
June 14th, 2012, 01:12 AM #4
I should probably stop using IE these days with all of its security vulnerabilities. I'll probaly switch to Firefox.
June 14th, 2012, 01:21 AM #5
Go for it! And when you do be sure to download the add-ons Noscript and adblock. In Noscript's settings you can enable base second level domains to be exempt. It can be cumbersome but it will stop the crap malware from entering your computer from the begin with.
Couple more add-ons to install. Do not track plus and Betterprivacy.
June 14th, 2012, 01:47 AM #6
I will download it next week. Thanks for the suggestions of add-ons!
June 14th, 2012, 05:25 AM #7
Users Browsing this Thread
There are currently 1 users browsing this thread. (0 members and 1 guests)
By AntiCasual in forum Applications and Operating SystemsReplies: 0Last Post: February 8th, 2011, 01:25 AM
By proffit in forum General Tech DiscussionReplies: 29Last Post: October 7th, 2004, 11:36 AM
By jmoore2001 in forum General Tech DiscussionReplies: 50Last Post: September 10th, 2004, 09:09 AM
By Overclocked412 in forum Applications and Operating SystemsReplies: 10Last Post: March 5th, 2004, 12:32 PM