Tuesday, December 16, 2008

Zero-day exploits targeting Internet Explorer vulnerability.

Microsoft recently expanded their Security Advisory 961051 to include all versions of Internet Explorer. The vulnerability was originally thought to only affect IE7. But is now problematic as well for a whole range of related software ... like IE 5,6,7 and 8... And some other bad news, SQL Injection attacks are being used to hack legitimate websites in order to host these exploits, turning trusted sites into malicious exploit hosts.
There are a number of workarounds that may provide some mitigation if you look at the MS Security Advisory. Other solutions are using other browsers like Firefox or Google Chrome.
And trust me ... this problem is underestimated at this moment.