A new potentially serious issue has been found in Internet Explorer 7 – updates from Microsoft released on Dec 9th do NOT contain a fix for this issue and as of latest publications – a fix has not been found.
This thing downloads a trojan to your computer and can completely compromise your system. It is infecting websites around the world – most of those published are not sites that our customers would typically use – but you never know how far it will go. It is not affecting email at this time.
Microsoft has released a list of technical ‘workarounds’; but as usual, most of those are things the average user would not understand or know how to do without potentially breaking the functionality of the computer.
Our Recommendations:
– Don’t use Internet Explorer if you don’t have to (use an alternative like Firefox, Opera, or Safari)
– Make sure that your computer is current with its antivirus, spyware, and windows updates
– Use common sense when visiting sites that you don’t normally visit
If you would like to check it out yourself, these sites provide more information:
http://www.shadowserver.org/wiki/pmwiki.php?n=Calendar.20081210
http://www.microsoft.com/technet/security/advisory/961051.mspx
We’ll keep an eye on it and let you know when they get it fixed.
************************************************
From Microsoft’s Security Bulletin 961051:
“Microsoft is investigating new public reports of attacks against a new vulnerability in Internet Explorer. Our investigation so far has shown that these attacks are against Windows Internet Explorer 7 on supported editions of Windows XP Service Pack 2, Windows XP Service Pack 3, Windows Server 2003 Service Pack 1, Windows Server 2003 Service Pack 2, Windows Vista, Windows Vista Service Pack 1, and Windows Server 2008.”
Revisions to this bulletin:
December 10, 2008: Advisory published
December 11, 2008: Revised to include Microsoft Internet Explorer 5.01 Service Pack 4, Internet Explorer 6 Service Pack 1, Internet Explorer 6, and Windows Internet Explorer 8 Beta 2 as potentially vulnerable software. Also added more workarounds.
December 12, 2008: Revised to correct operating systems that support Windows Internet Explorer 8 Beta 2. Also added more workarounds and a reference to Microsoft Security Advisory (954462). (This
December 13, 2008: Revised to add the workaround, Disable XML Island functionality. Also, in a FAQ entry, clarified the list of recommended workarounds and added the blog post URL for recommended workarounds.