Microsoft “aware of limited, active attacks” against IE6 (Translation: IE6 is getting pwned) although IE7 and IE8 are also vulnerable.
http://www.microsoft.com/technet/security/advisory/979352.mspx
Via Brian Krebs’ excellent new blog.
http://www.krebsonsecurity.com/2010/01/mcafee-ie-0day-fueled-attacks-on-google-adobe/#more-473
I consider all IE versions as a bug.
I wish them all the best for IE 9
this is already being discussed here, see the second page of the thread:
http://forum.avast.com/index.php?topic=53364.msg452547#msg452547
edit: actually I just notice you posted about that before I did, but this is very relevant to the current Google issues with China.
nice one Chris ;D and +1
Hi malware fighters,
The Google hack IE6 vulnerability has now been made public, while it was uploaded to wepawet:
http://wepawet.iseclab.org/view.php?hash=1aea206aa64ebeabb07237f1e2230d0f&type=js
polonus
I believe separating IE from the Windows OS would be a step in the right direction. I wonder if MS has ever considered doing this…
Who uses IE6 nowadays ?
that’s an interesting question…why a Google employee would run IE6…
My school… :
some of the pc run it still…so I run Fx portable…still goes through their proxy so they don’t care…
36.57% of IE users; 20.99% of browsers.
[b]German government warns against using MS Explorer[/b]The German government has warned web users to find an alternative browser to Internet Explorer to protect security.
nice, it took 15 years to have such an official reaction, well I guess it’s never too late ;D
Ed Bott has a good write up about this:
http://blogs.zdnet.com/Bott/?p=1645&alertspromo=&tag=nl.rSINGLE
And a chart of what’s affected.
Hi malware fighters,
The MS fix until the next patch-round can be found here:
http://forum.avast.com/index.php?topic=52252.msg454398#msg454398
polonus
[b]Microsoft to patch hole in Internet Explorer[/b]Microsoft will patch a hole in its Internet Explorer browser that may have allowed Chinese hackers access to human rights activists’ e-mail accounts.
The firm normally issues patches at a set time each month but said that the attention the problem had received forced it to move more quickly.
It follows the French and German governments decision to advise citizens to use other browsers.
Security experts said they had seen malicious code exploiting the weakness.
If a web user were to visit a compromised site using a vulnerable browser, they could become infected with a “trojan horse”, allowing a hacker to take control of the computer and potentially steal sensitive information.
Microsoft said on 18 January that there were “very few” infected sites on the web.
But Security firm Sophos said now it had seen “copycat” sites trying to exploit the vulnerability.
“Though numbers are still very low, over the past 24 hours or so we have seen a few sites serving up malicious code attempting exploit the vulnerability,” it said in a blog post.
‘Weak link’
The bad publicity has allowed rivals such as Firefox to gain market share.
So how about the Gazelle - the next version of IE, anyone heard it again?
yeah I was thinking about it earlier today after all the fuss around IE, so no, I haven’t heard anything new about Gazelle for a while…months…
edit: btw it’s a not a new/next version of IE, it’s something completely different, just a project so far, but supposed to be more like a web oriented OS (Windows still needed ;D ) than a simple browser, so with web apps everywhere and sandboxing etc…well IIRC 
…
more here: http://research.microsoft.com/pubs/79655/gazelle.pdf
This will be patched tomorrow.
Howdy malware fighters,
There is now an new Aurora IE-Exploit POC that will succesfully circumvent DEP and works on IE8 - the French Vupen exploit:
http://www.vupen.com/exploits/Microsoft_Internet_Explorer_Use_after_free_Code_Execution_Exploit_MS_979352_0135286.php
It is only available for security vendors at the moment, but the exploits will be soon floating around on the Internet, the present explots are circulating through subdomains 3322.org and 8866.org ie.html files redirecting to a jpg with part of the exploitcode. It places down.css and log.css malware on the system that is to download other malware, the tip of the iceberg, folks, list of domain names used here:
http://extraexploit.blogspot.com/2010/01/cve-2010-0249-in-wild-xx2228866org-and.html
Time for the patch…
pol
P.S. free tool for the Aurora malware: http://download.nai.com/products/mcafee-avert/aurora_stinger.exe
There is now an new Aurora IE-Exploit POC that will succesfully circumvent DEP and works on IE8das auch noch ;D Balmer must be crying ;D