You Have Arrived at VISION INTERNET SOURCE
Let us introduce you to some of our clients. While we have great appreciation for each and every one
of our clients, these selected sites show the range of our capabilities. A
description as to the services we provide for each client will reveal
our talent and capabilities.
You are invited to contact the administrator of any site. As we have
provided a quality and profitable service to these we will serve you as
well. We look forward to becoming your online specialist!
| Microsoft Releases Critical Internet Explorer Patch |
|
The out-of-band security update fixes a
JavaScript-related vulnerability that's being actively exploited
through hacked Web sites.
By
Thomas
Claburn,
InformationWeek
Microsoft has released an out-of-band security update, MS08-078, to fix a vulnerability in its Internet Explorer Web browser that's being actively exploited. "At this time, we are aware only of attacks that attempt to use this vulnerability against Windows Internet Explorer 7," said Christopher Budd, Microsoft security response communications lead, in an e-mailed statement. "Our investigation of these attacks so far has verified that they are not successful against customers who have applied the security update. MS08-078 has a maximum severity rating of Critical for all versions of Internet Explorer." Nonetheless, Microsoft lists Internet Explorer 5.01, 6, and 7 as affected software in its Security Bulletin. It also says separately, in the FAQ section, that Internet Explorer 8 Beta 2 is affected. The vulnerability can be exploited through JavaScript code posted on malicious Web sites. Internet Explorer users may be redirected to these sites through hacked legitimate sites. If the malicious code is successful, it silently downloads malware onto the victim's computer. Microsoft typically releases software patches, referred to as Security Bulletins, on the second Tuesday of every month. When critical vulnerabilities emerge and are actively exploited, Microsoft often issues a patch as soon as it's ready. The last such out-of-band patch, Microsoft Security Bulletin MS08-067, was released on Oct. 23. It addressed a vulnerability in Windows Server service that affected all currently supported versions of Windows. That vulnerability allowed an attacker to take over affected computers remotely. When Microsoft issued its out-of-band patch in October, it cited the vulnerability's potential "wormability" -- meaning the hole could be exploited on a massive scale using self-copying malware -- as a reason for its action. But MS08-078 isn't wormable. "[That] shows that the wormability of a vulnerability is no longer a good indicator of the seriousness of a threat and that these Web-based threats are now much more dangerous than network worms," said Roel Schouwenberg, senior antivirus researcher for Kaspersky Lab, Americas, in an e-mailed statement. Indeed, Microsoft security researchers estimated that as many as 1 in 500 users of Internet Explorer could have been exposed to malware attempting to exploit the flaw. "The browser flaw had been disclosed roughly one week ago as a zero-day vulnerability, and active exploits have been around the Internet for that timeframe as well," Qualys CTO Wolfgang Kandek said in an e-mailed statement. "The workarounds provided by Microsoft were very technical and quite cumbersome to implement, making it imperative for Microsoft to release a fix as quickly as possible." Kandek suggests that Microsoft is at a disadvantage in updating Internet Explorer because its browser doesn't have a built-in update mechanism like other browser makers. Mozilla, for instance, just released Firefox 3.05 to Firefox users through its auto-update system. Microsoft is urging users of IE to test and deploy this update as soon as possible. |
Joomla / Mambo Templates
Have a unique site look with a custom built template.
tableless, css, meet w3c standards.
| Experts Say To Switch Browsers In Light of IE Vulnerability |
|
|
|
This has been fixed the following article has the details . Users of Microsoft's Internet Explorer are being urged by experts to switch to a rival until a serious security flaw has been fixed.The flaw in Microsoft's Internet Explorer could allow criminals to take control of people's computers and steal their passwords, internet experts say. Microsoft urged people to be vigilant while it investigated and prepared an emergency patch to resolve it. Internet Explorer is used by the vast majority of the world's computer users. "Microsoft is continuing its investigation of public reports of attacks against a new vulnerability in Internet Explorer," said the firm in a security advisory alert about the flaw. Microsoft says it has detected attacks against IE 7.0 but said the "underlying vulnerability" was present in all versions of the browser. Other browsers, such as Firefox, Opera, Chrome, Safari, are not vulnerable to the flaw Microsoft has identified. Browser bait"In this case, hackers found the hole before Microsoft did," said Rick Ferguson, senior security advisor at Trend Micro. "This is never a good thing." As many as 10,000 websites have been compromised since the vulnerability was discovered, he said. "What we've seen from the exploit so far is it stealing game passwords, but it's inevitable that it will be adapted by criminals," he said. "It's just a question of modifying the payload the trojan installs." Said Mr Ferguson: "If users can find an alternative browser, then that's good mitigation against the threat." But Microsoft counselled against taking such action. "I cannot recommend people switch due to this one flaw," said John Curran, head of Microsoft UK's Windows group. He added: "We're trying to get this resolved as soon as possible. "At present, this exploit only seems to affect 0.02% of internet sites," said Mr Curran. "In terms of vulnerability, it only seems to be affecting IE7 users at the moment, but could well encompass other versions in time." Richard Cox, chief information officer of anti-spam body The Spamhaus Project and an expert on privacy and cyber security, echoed Trend Micro's warning. "It won't be long before someone reverse engineers this exploit for more fraudulent purposes. Trend Mico's advice [of switching to an alternative web browser] is very sensible," he said. PC Pro magazine's security editor, Darien Graham-Smith, said that there was a virtual arms race going on, with hackers always on the look out for new vulnerabilities. "The message needs to get out that this malicious code can be planted on any web site, so simple careful browsing isn't enough." "It's a shame Microsoft have not been able to fix this more quickly, but letting people know about this flaw was the right thing to do. If you keep flaws like this quiet, people are put at risk without knowing it." "Every browser is susceptible to vulnerabilities from time to time. It's fine to say 'don't use Internet Explorer' for now, but other browsers may well find themselves in a similar situation," he added. |