Microsoft Warns IE Browser Users to Be Cautious
Posted by Anne B. McDonald | Thursday, March 23, 2006 3:06 PM PT
Hey IE users, there's a nasty bug out there affecting the Microsoft Web browser.
Our colleague, Robert McMillan of IDG News Service,
wrote about this bug yesterday. However, today Microsoft itself warned IE users to use caution on the Web, after the disclosure that, unpatched, the flaw could allow attackers to seize control of a PC running the browser software, Bob tells us.
The bug relates to the way that IE processes information using the createTextRange() method. By presenting the browser with specially crafted code, attackers could corrupt the system's memory and trick it into running unauthorized software.
"We?re still investigating, but we have confirmed this vulnerability and I am writing a Microsoft Security Advisory on this," wrote Lennart Wistrand, security program manager with the Microsoft Security Response Center,
in a blog posting. "We will address it in a security update."
Microsoft's next scheduled set of security updates are due April 11, but Wistrand did not say whether the TextRange() bug would be patched then. Microsoft executives were not immediately available fpr comment.
Wistrand offered IE users a work-around to avoid the problem. "Our initial investigation has revealed that if you turn off Active Scripting, that will prevent the attack," he wrote.
IE users with the latest refresh of the IE7 Beta 2 Preview software, announced this week, are "not affected" by the problem, Wistrand said. Outlook and Outlook Express users are not at risk either, he added.
This is the third IE bug to be reported in recent days. The other bug, disclosed Tuesday, is also considered critical because it could also be used to seize control of a system. A third flaw, made public last Thursday, is considered less severe, but it can cause IE to crash.
The TextRange() method bug is considered the most serious of the three, however, because it appears to be relatively easy to exploit.
What browser do you use?
I normally use IE, but I use Firefox on occasion too. For the time being, i'll use Firefox, just to be on the safe side.
Firefox for my browsing. IE for testing -- to make sure my pages look right. You can assume they will in almost anything else but IE loves to render pages in various, unpredictable ways. What a sad, sad browser IE is.
Just stick with Firefox, it's that much better than IE there's really no point anymore (unless you use a lot of websites using active X controllers). But simply Tabbed browsing rules and if you get into the extensions firefox's functionality is the best.
http://sexyninjamonkey.blogspot.com/
I just switched to Maxthon which used to be MyIE2 I think for this exact reason.
SHOULD I TAKE IE OFF MY COMPUTER?
I HAVE BEEN USING AOL BROWSER IN CONJUNCTION WITH AOL INSTEAD OF IE....
I have decided to leave IE and only use the mozilla and firefox. These flaws are becoming tiring to keep up with now, I have other things to worry about.
lol got caps? Firefox ftw
FYI- Maxthon is no safer than IE. Maxthon is based on IE's core code, thus has all of the same problems.
TO avoid the issues, you need a browser that is completely unrelated to IE- like FIreFox or Opera.
My LiveCD Linux, Rapidweather Remaster of Knoppix Linux has 4 built in web browsers, Opera, Mozilla Firefox, Flock, and Konqueror.
Both Opera and Flock are configured for high security, in that when these browsers close, they delete their home directories and files. Not just clear cookies and history, cache. When the user starts Opera or Flock again, a default configuration is loaded into the home directory. Firefox is not done this way, allowing the user to save RSS feeds and other changes. Opera has 12 built in RSS feeds by default, and these load with stories in about two minutes after the browser is started, on dial up. Flock has no RSS feeds by default.
The livecd linux system is also protected by the KDE Guarddog firewall, preconfigured for web surfing and email protocols, and it is made active during the boot-up process.
Haah!
Its Microsoft. What else can you expect :P
My freind LOVES FireFox!
Firefox is so kinky and very sexy too. If it were a chick.......wow, that would be hot. IE is like a really loud, obnoxious girl with really floppy boobs that thinks she owns the world. I'd rather have the nice girl, who happens to be unique and doesnt have 10 STD's and finding 3 new ones everyweek. And you gotta love Ubuntu too.
I have been wondering is there was a simple way to check if my always on connection was a "spam bot".
If some unknown party had taken control of my pc. I run all the best anti-everything software and all the mal-everything cleaners once a week but is there a way to check to be sure ?,,
All the articles always say there are millions of bot-spam-compromised computers out there, but I don't ever see anything that can tell me if I may be one of them?
Any answers?
The solution's pretty simple. Use IE for frequently visited sites that you know to be legit and bug free; use alternative browser like Firefox for new websites or for internet searches.
bp, that was uncalled for.
I barely use IE at all unless the site only runs on IE properly no matter what! I use Firefox all the time and with the IE tab and ScriptBlocker extensions so i don't have to worry about these hackers, i have top class antivirus and firewall meh..hack me if you can
I know longer have any need for IE. Firefox is my Browser and will always be!!!! IE Tab was updated, so any sites that don't like firefox i use IE Tab. However, IE Tab is not for globel use because its vulnerable to pop ups. Duh!!! Can't wait unitl 2.0 comes out this summer and probably well before IE 7.
What's IE? I use the world thingy with the animal wrapped around it.
IE is the slowest on dial-up I have ever used and I've used them all over and over again. That includes IE7. Firefox is number one and Opera is number two for me. IE, clean up your act and we'll talk again. Till next time.
Opera is the safest...period.
Hi. Anyone know how to remove IE from your machine once it has already been corrupted and refuses to be "erased"? Thanks
hi. i once had a problem removing ie becaused it crapped out. I updated ie and it installed all the correct hooks that is: it over wrote the old version and i was able remove it ny going to control panel and then clickingon remove window components and
removing internet explorer note:you are putting a clean copy of ie where the old copy should have been
then it work or delete properly. Hope this works for you it worked for me :but that was a couple of years ago. some programs get lost and cannot be erased until they are put back in their proper place.