Microsoft Warns Of Vulnerability IE6 and IE7

Forum Moderators: open

Message Too Old, No Replies

Microsoft Warns Of Vulnerability IE6 and IE7

engine

12:52 pm on Mar 10, 2010 (gmt 0)

Microsoft Warns Of Vulnerability IE6 and IE7 [telegraph.co.uk]

Microsoft has warned that hackers are already exploiting the flaw, which could allow them to remotely take control of a computer running Microsoft's Windows operating system. Computer users running Internet Explorer 5.01 or the latest release, Internet Explorer 8, are not affected by the vulnerability.

"At this time, we are aware of targeted attacks attempting to use this vulnerability," Microsoft said in a security advisory. "We will continue to monitor the threat environment and update this advisory if this situation changes."

gouri

1:39 pm on Mar 10, 2010 (gmt 0)

Thank you for posting this.

Microsoft has advised computer users to disable scripting in the browser window and enable the data execution prevention feature in Internet Explorer.

In IE7, I tried to check the enable the data execution prevention feature, but it wouldn't let me. The text for that is in gray when I go into Tools>Internet Options>Advanced>Enable memory protection to mitigate online attacks

Does anyone know why it is this way and if it can be changed?

Thanks.

drhowarddrfine

1:49 pm on Mar 10, 2010 (gmt 0)

Curious why you don't just upgrade to IE8. Even better, switch to any other browser.

kaled

2:34 pm on Mar 10, 2010 (gmt 0)

To enable data execution prevention (in XP) open
Control Panel\System\Advanced\Data Execution Prevention

It's not possible to enable DEP for individual programs, but you can disable it for individual programs - this may be necessary for older programs. Also, this requires a modern CPU. I think all 64bit CPUs support DEP but, for instance, older Celeron CPUs do not.

Kaled.

gouri

3:33 pm on Mar 10, 2010 (gmt 0)

I am using Windows Vista.

Do you know what I can do for this one?

Fotiman

3:46 pm on Mar 10, 2010 (gmt 0)

@gouri, the most obvious solution would be to upgrade to IE8, since inevitably you'll be doing that at some point anyway (or moving to a different browser). Is there a reason you don't simply do that?

JS_Harris

4:40 pm on Mar 10, 2010 (gmt 0)

the most obvious solution would be to upgrade to IE8

That's not a solution, it's a temporary move at best. How many more versions of IE will it take before we can believe the "and THIS version is more secure than previous versions" broken record? I've lost all confidence in IE and feel that many of these "hackers can take over your computer" problems were actually intentional but designers thought nobody would find the entrance point (they are always there with IE).

In another forum I visit it's being said that IE6 is still the most secure browser for IE USERS given that it has less built in remote user monitoring features.

There are other browser options that have a much better security record.

gouri

5:27 pm on Mar 10, 2010 (gmt 0)

the most obvious solution would be to upgrade to IE8

I agree with what JS_Harris is saying. Later on, they might find something wrong with IE8.

That is why I was asking.

Enable memory protection to mitigate online attacks is the one option I can't enable and I don't know why this is so. It is in gray.

drhowarddrfine

5:38 pm on Mar 10, 2010 (gmt 0)

they might find something wrong with IE8.

They already have on several occasions.

tangor

5:45 pm on Mar 10, 2010 (gmt 0)

DEP is usually default ENABLED in Vista. Bing "dep in vista" for many how to articles.

tangor

5:47 pm on Mar 10, 2010 (gmt 0)

I, too, recommend upgrading to IE8 (use FF, but I do keep IE updated), but I can see where web developers keep IE6 and IE7 for test purposes. I do as well... but those versions are not able to access the web, thus reducing exposure to malware attacks.