Tuesday, December 16, 2008

Internet Explorer Security Flaw: Update

(Bumped to keep near top)

I advised you this past Saturday to stop using Internet Explorer. There is a known security flaw in all versions. You are extremely vulnerable to an exploit getting through this hole. You don't even need to be fooled into downloading something; just visiting an infected web site can get it done, and often, the web sites you visit are not intentionally infecting you -- they themselves are infected and are unaware. As of this morning, over 10,000 web sites have been identified as infected, and the number of infected sites is increasing quickly.

Even Microsoft is all but flat-out advising users to stop using IE temporarily.

If you absolutely must use IE, Microsoft has a list of things to do about which they say: "Although these workarounds will not correct the underlying vulnerability, they help block known attack vectors." Visit their page titled Microsoft Security Advisory (961051), and under "General Information," expand the "Suggested Actions" section. In that section, expand the "Workarounds" subsection, and follow the instructions listed there.

[Added] However, Brian Krebs says not all of these appear to work, or they take considerable fussing to accomplish.

Really, though, if you don't absolutely have to use IE, it'll be way easier to switch to another browser, at least temporarily. I recommend Firefox. Chrome, Opera, and Safari are three other options. None of these four browsers have this same flaw.

Brian Krebs reports that Microsoft has announced that they will be releasing a patch on Wednesday to close this security hole. Details are sparse; the implication is that it will be delivered through Windows Update. Check his blog, Security Fix, on Wednesday for news as he gets it. I'll try to note it as soon as I hear about it, too.

[Added] Confirmation and more info about this on Microsoft's Security blog.

If you want more discussion on where things stand today, this is the lead story on Buzz Out Loud podcast #873. There are links to text articles on that same page, and you can find a bunch more links on Techmeme.

Remember: friends don't let friends use Internet Explorer. Pass the word.

1 comment:

bjkeefe said...

Administrative note:

For some reason, this post became a magnet for a bunch of spam comments earlier today. As you can see, I have deleted them. If your comment was among them and it wasn't spam, I apologize. Please feel free to post it again.