Microsoft warned of a critical, zero-day vulnerability affecting Internet Explorer 6 and 7 Web browsers on Windows XP and Vista, which paves the way for hackers to download malicious code onto users' PCs.
Symantec security researchers published proof-of-concept code detailing the exploit on the BugTraq security mailing list over the weekend. To launch a successful attack, hackers could install malicious code on users' PCs by enticing potential victims either to click on a malicious link leading to a specially crafted Web page or to visit an existing site infected with the exploit. Hackers typically lure victims to infected sites through some social engineering scheme conducted over e-mail.
Security researchers say that the exploit thus far appears to only affect IE 6 and 7 on Windows XP and Vista but could possibly affect other versions of both IE and Windows. Microsoft's latest IE 8 browser does not appear to be affected by the flaw.
Specifically, the IE bug occurs in the way IE uses cascading style sheet (CSS) information, which ultimately enables hackers to inject the exploit into otherwise legitimate Web sites, according to reports from Symantec. CSS is a function used in Web sites to define the presentation of the site's content.
So far, the exploit has exhibited signs of poor reliability, but Symantec researchers said in a blog post that they expect hackers to develop a fully functional version of the attack in the near future.
Meanwhile, Symantec researchers advise users to disable JavaScript until Microsoft releases a fix for the bug. Symantec experts also recommend that in general users should keep their antivirus software up-to-date and only visit known and trusted Web sites to stay protected from future attacks.
