IE Exploit At Large, Microsoft Urges Scan - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IoT
IoT
News
News
11/30/2005
12:14 PM
50%
50%

IE Exploit At Large, Microsoft Urges Scan

Microsoft is now urging users to run a complete system scan on its new Windows Live Safety Center -- which has a quirk of its own -- to detect and delete malicious software targeting an unpatched bug in Internet Explorer.

Microsoft acknowledged Tuesday that malicious software targeting an unpatched bug in Internet Explorer is on the loose, and urged users to run a complete system scan on its new Windows Live Safety Center -- which has a quirk of its own -- to detect and delete the code.

In an update of a security advisory issued Nov. 21, Microsoft noted that both proof-of-concept code and an exploit are in circulation. The exploit can compromise PCs running IE on a host of the company's operating systems, including Windows 98, Windows Me, Windows 2000, and Windows XP.

The bug, which was reported to Microsoft in May, was first thought to pose only a denial-of-service (DoS) attack risk, but more recent research by security vendor Computer Terrorism Ltd. said that the flaw could be used to hijack a machine simply by luring users to a malicious Web site.

While Microsoft has not produced a patch for the vulnerability, it said users could choose the "Complete Scan" option at its free-of-charge Live Safety Center site to check for and remove the malicious code.

In the advisory, Microsoft repeated its promise that it would "take the appropriate action to help protect our customers. This may include providing a security update through our monthly release process or providing an out-of-cycle security update, depending on customer needs."

The advisory includes several workarounds to deflect attacks, including disabling Active scripting in Internet Explorer by choosing Tools/Internet Options, clicking the Security tab, clicking on the Custom Level button, scrolling to the Scripting section, and selecting the Disable radio button next to Active scripting.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
State of the Cloud
State of the Cloud
Cloud has drastically changed how IT organizations consume and deploy services in the digital age. This research report will delve into public, private and hybrid cloud adoption trends, with a special focus on infrastructure as a service and its role in the enterprise. Find out the challenges organizations are experiencing, and the technologies and strategies they are using to manage and mitigate those challenges today.
Slideshows
IT Careers: 12 Job Skills in Demand for 2020
Cynthia Harvey, Freelance Journalist, InformationWeek,  10/1/2019
Commentary
Enterprise Guide to Multi-Cloud Adoption
Cathleen Gagne, Managing Editor, InformationWeek,  9/27/2019
Commentary
5 Ways CIOs Can Better Compete to Recruit Top Tech Talent
Guest Commentary, Guest Commentary,  10/2/2019
Register for InformationWeek Newsletters
Video
Current Issue
Data Science and AI in the Fast Lane
This IT Trend Report will help you gain insight into how quickly and dramatically data science is influencing how enterprises are managed and where they will derive business success. Read the report today!
White Papers
Slideshows
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Sponsored Video
Flash Poll