March 14, 2010

Microsoft Expands Zero-Day IE Warning


Did Microsoft miss a vulnerability in its latest Internet Explorer (IE) patch roundup -- or several?

Late Thursday, Microsoft updated its advisory on a zero-day vulnerability affecting its IE 7 Web browser. The updated advisory now indicates that older and newer versions of IE are also at risk from the XML zero-day flaw.

As a result, the company is now warning that IE 5.01 Service Pack 4, IE 6 and IE 6 SP1, and Windows Internet Explorer 8 Beta 2 are all potentially at risk.

The flaw stems from an issue in how Internet Explorer parses XML. Microsoft reported the vulnerability a day after issuing its December Patch Tuesday update, which contained four different fixes for versions of IE.

As of late Thursday, there were no reported public sightings of the XML flaw in action on browsers other than IE 7, according to the security watchdogs at SANS Internet Storm Center (ISC).

"I don't want to start a panic," ISC handler Kevin Liston wrote in a post on ISC's site. "We have not received any reports of attacks affecting these versions (yet.)"

Signs point to new attacks

The same, however, can't be said for attacks based on IE 7. Johannes Ullrich, another handler at ISC, reported on the group's site that an SQL injection attack is spreading by using the browser's vulnerability.

Microsoft itself is reporting attacks in the wild and is providing some direction as to which countries have been affected the most so far. According to the Microsoft Malware Protection Center blog, as of late Thursday, 64 percent of reported infections were coming from the U.S., 7 percent from China, 7 percent from Canada and 5 percent from Japan.

"The exploit sites we've seen so far drop a wide variety of malware," Microsoft said. "Most commonly password stealers, like new variants of game password stealers like Win32/OnLineGames, and Win32/Lolyda; keyloggers like Win32/Lmir; trojan horse applications like Win32/Helpud along with some previously unseen malware, which we generically detect as Win32/SystemHijack."

This article was first published on InternetNews.com.
