Microsoft Software Flaws Increase Sharply But Majority Affect IE
A new report by security vendor ESET holds mixed news for enterprises running on Microsoft technology.
A pair of vulnerabilities in Internet Explorer are currently being exploited in the wild to install malware on computers that visit at least one malicious Web site, security researchers warn.
The classic drive-by download attack targets the English versions of IE 7 and 8 in Windows XP and IE 8 on Windows 7, security firm FireEye warned in a company blog post Friday. However, the security researcher wrote that its analysis indicated that other languages and browser versions could be at risk.
A zero-day vulnerability in Internet Explorer 8 let hackers compromise a U.S. Department of Labor website linked to a database used by former Energy Department employees who had worked with nuclear weapons or uranium. That database was also used by Labor Department claims examiners.
Security firm Invincea, which reported the attack, has advanced the possibility that the hackers were compromising one U.S. government department in order to attack another.
Internet Explorer 8 is still the most-used version of Microsoft's web browser family, according to data from Net Applications. Late Friday, Microsoft posted word that it had discovered an exploit in the browser but noted the issue does not appear to affect any other versions.
Microsoft today said it will ship nine security updates next week, two rated "critical," to patch Internet Explorer (IE), Windows, SharePoint Server, Office Web Apps and the company's anti-malware software in Windows 8 and RT.
One security expert put his money on the IE update as the most important of the pending updates, in part because he expects Microsoft to fix the flaws revealed a month ago at the Pwn2Own hacking contest.
Internet Explorer vulnerabilities warrant notice in this month's set of Microsoft Patch Tuesday bulletins and need to be fixed quickly even though the sheer number of patches may seem daunting.
The weaknesses leave users open to drive-by attacks where malicious code is downloaded without the user's knowledge while browsing. Not patching them because they are time-consuming will just widen the window of opportunity hackers have to exploit them, says Alex Horan, a senior product manager at CORE Security.
The results from the annual Pwn2Own hacking contest are in, and the score is as follows: hackers one, software zero.
The new year is barely two months old and it's already been a brutal one for the disclosure of new vulnerabilities. Java, Adobe Reader, Flash, Google Chrome and a number of other widely deployed applications have all been hit with a slew of serious bugs in just the last few weeks. And that's likely to get worse this week as researchers convene in Vancouver for the Pwn2Own and Pwnium hacking contests.
The browser market share figures are in for February 2013, and Internet Explorer has risen once again at the expense of Chrome, while Firefox, Safari and Opera also managed to gain users. Last month Internet Explorer managed to pass 55% global market share, according to Net Applications, and this month the most popular browser rose again to 55.82% (up 0.68% from 55.14%) to keep its commanding lead in check.