Microsoft admits security flaw; Stop Exploring, experts say

There's a critical security hole in Internet Explorer, the world's most popular web browser.

The unpatched vulnerability, first discovered by hackers and recently acknowledged by Microsoft, could allow someone to gain access to a computer through a website that executes malicious code. Some 10,000 sites have been compromised so far, putting passwords, financial data, and other sensitive information at risk.

In a lengthy security advisory memo on its website, Microsoft urges users to change their "Internet zone security setting" to "high" and to run the browser in "Protected Mode."

Computerworld has a good tech-heavy breakdown of the exploit and the best way savvy surfers can disable its ability to affect their machines. But the easier solution may just be to drop IE.

Internet security firm Trend Micro's Rick Ferguson told the BBC that "if users can find an alternative browser, then that's good mitigation against the threat."

Microsoft has come out against users switching to another browser, citing security flaws. "It would not be advisable to send people from one vulnerability (in Internet Explorer) to multiple vulnerabilities," John Curran, Windows head at Microsoft UK, told the BBC.

That statement could be in reference to a report out this week on the password managers of popular browsers. It ranked Chrome and Safari at the bottom of the list of how securely browsers safeguard login information.

Though this new exploit is the real deal and should be taken seriously, Wired News reminds readers that garden-variety PC users needn't worry just yet.

If you're the pry-it-out-of-my-cold-dead-hands sort of IE fan, there is one bright side to news that some 10,000 sites are ready to pwn your PC: so far the sites are mostly Chinese and the malicious software is mainly after passwords for computer games, which can be sold on the black market.