Slashdot Mirror


Zero-Day IE Exploit Takes Control of PCs

anethema writes "A remote IE exploit with implementations is currently in the wild. From the article: 'Exploit code for a critical flaw in fully patched versions of Microsoft Corp.'s Internet Explorer browser has been released on the Internet, putting millions of Web surfers at risk of computer hijack attacks.' Apparently all you have to do is browse the page to be affected. There is no patch, but since it is a JavaScript exploit, you can work around it by disabling JavaScript."

53 of 567 comments

  1. And as usual... by Billosaur · · Score: 5, Funny

    From eWeek: The group that published the exploit said Microsoft has been aware of the Javascript Window() vulnerability for several months but was mistakenly treating it as a low-priority denial-of-service flaw.

    Because anything that allows a malicious user to exploit your system and hijack isn't a flaw... it's a feature!

    --
    GetOuttaMySpace - The Anti-Social Network
    1. Re:And as usual... by meringuoid · · Score: 4, Funny
      Because anything that allows a malicious user to exploit your system and hijack isn't a flaw... it's a feature!

      This kind of thinking is extremely $sys$profitable irresponsible.

      --
      Real Daleks don't climb stairs - they level the building.
    2. Re:And as usual... by zootm · · Score: 5, Funny

      This kind of thinking is extremely $sys$profitable irresponsible.

      My god, Sony have provided a viable Windows alternative to the old ^W^W^W^W *nix joke... it's worse than we thought!

    3. Re:And as usual... by mazarin5 · · Score: 5, Funny
      My god, Sony have provided a viable Windows *nix joke

      Huh?

      --
      Fnord.
    4. Re:And as usual... by Ibix · · Score: 4, Funny
      This kind of thinking is extremely $sys$profitable irresponsible.

      "I have seen the fnords..."

      I

  2. I'm glad to see that by WhiteWolf666 · · Score: 3, Funny

    Microsoft's total time of 0wnerzship continues to decrease.

    It's important for MS to keep ahead in this area.

    --
    WhiteWolf666 an exBush supporter. All you new-school,compassionate,save the children Republicans can rot in hell
  3. Is there a tenor in the house? by MikeMacK · · Score: 5, Funny
    The SANS ISC's Ullrich said IE users should consider switching to Firefox of Opera.

    Ah, the Firefox of Opera - who is that, Pavarotti?

    1. Re:Is there a tenor in the house? by Anonymous Coward · · Score: 1, Funny

      Naaah Pavarotti would be the Waterbear of Opera.

  4. This is why... by MartinG · · Score: 5, Funny

    I use netcat.

    --
    -- MartinG To mail me: echo kewyjlcxyzvjfxbqwh | tr bcefhjklqvwxyz .@adgimnoprstu
  5. Thank you by steveo777 · · Score: 5, Funny

    Now that you've read the comments, your Windows box belongs to OSTG. Please stand by while we load Linux.........

    --
    This sig isn't original enough, it's time to come up with something witty...
    1. Re:Thank you by lahvak · · Score: 2, Funny

      It didn't work!

      --
      AccountKiller
  6. Give it 5 by intmainvoid · · Score: 4, Funny
    We have also been made aware of proof of concept code that could seek to exploit the reported vulnerability but are not aware of any customer impact at this time

    Well, there might be no customer impact at this time, but seeing as the exploit is published now, can I ask you again in about 5 minutes?

  7. Re:This is why... by Anonymous Coward · · Score: 3, Funny

    This is why I use a mainframe. Micros are just toys, bad enuff they have crummy hardware but their software is crap too.

  8. In other news by epsalon · · Score: 3, Funny

    The sun has risen this morning, and the Earth is rotating around its axis.

    Nothing to see here - move along.

  9. This is why... by BushCheney08 · · Score: 5, Funny

    I don't browse the web.

    --
    Be a real patriot: Question authority. Think for yourself. Formulate your own conclusions.
  10. Re:This is why... by msdschris · · Score: 5, Funny

    I use telnet and render the HTML mentally.

  11. Re:This is why... by buswolley · · Score: 2, Funny

    I use CowboyNeal. --oops.

    --

    A Good Troll is better than a Bad Human.

  12. Re:This is why... by ZiakII · · Score: 3, Funny

    I use lynx....

  13. Re:The facts please by Sockatume · · Score: 1, Funny

    Fact: The other browser is the safer one. *runs*

    --
    No kidding!!! What do you say at this point?
  14. Re:Ouch. by Anonymous Coward · · Score: 1, Funny

    We wouldn't have this problem if we'd stuck with Netscape 1.0! But nooo, everyone wanted to see the fancy-pantsy javascript-based animations. Why in my day, javascript animations were called flip books, and we had to walk 15 miles in the snow to buy one. uphill. both ways.

  15. Re:This is why... by aicrules · · Score: 3, Funny

    Only to be stricken by sloppy internal perception code causing random synapse firings building to a pace that you suddenly just start breakdancing.

  16. DUPE! by andreMA · · Score: 3, Funny

    Oh, wait... it just seems that way. Carry on...

  17. lazy story submitters by mapmaker · · Score: 5, Funny
    Apparently all you have to do is browse the page to be affected.

    What, no link?

  18. Re:This is why... by Scoth · · Score: 5, Funny

    You say that in jest, but imagine the possibilities for exploits when/if we get to the point of direct neural implants for communications and such. Just imagine, instead of porn popups, lockups, and reboots we'll have people suddenly yelling about Viagra at the top of their lungs, freezing up and falling over mid-stride, and suddenly forgetting where they are.

    Maybe anyway :)

  19. Browser? by cloudkiller · · Score: 2, Funny

    IE? I don't have that; I use Windows.

    --
    [an error occurred while processing this sig]
  20. Thank you by nealfunkbass · · Score: 4, Funny

    The holidays are a time for giving.

    Now that you've RTFA, and you are now looking at the comments page, the staff of Slashdot and EWeek would like to thank you for visiting our web pages and giving us full control of your windows PCs.

    Happy Holidays!

    --
    - Donny was a good bowler, and a good man.
  21. Re:This is why... by Anonymous Coward · · Score: 5, Funny

    You've met my grandfather, I take it.

  22. Re:This is why... by andreMA · · Score: 5, Funny

    Two of those three would apply to the current crop of US politicians. All three if you count Bob Dole.

  23. MS anti-spyware utility will stop this by digitaldc · · Score: 4, Funny

    I am pretty sure MS anti-spyware will stop this from launching

    --
    He who knows best knows how little he knows. - Thomas Jefferson
  24. Re:This is why... by lordofthechia · · Score: 5, Funny

    "I use telnet and render the HTML mentally."

    You get used to it. I don't even see the code. All I see is blonde, brunette, redhead.

    --
    Georgia Tech, the leader in Chia(tm) technology.
  25. Stay Strong Microsoft Freaks! by Anonymous Coward · · Score: 1, Funny

    Stay strong guys!

    Don't let anyone or anything stop you from running IE. It's part of your identity.

    The security nightmare of surfing with IE is a small price to pay for keeping up your image as a "Microsoft Guy"

  26. Hmm.... by Lonath · · Score: 5, Funny

    Isn't Google's master plan to take over the world dependent upon people using AJAX? If IE has a critical flaw using javascript, and everyone has to turn it off, then nobody will be able to use Google's new products and... Hey wait a minute.

    1. Re:Hmm.... by Anonymous Coward · · Score: 1, Funny

      Damnit, you figured it out. Now you must be shut up. Ballmer is on his way over to take care of you right now.

      Signed,
      Bill Gates

  27. WINDOWS HAS "OPEN DOORS" DAY, ANYONE WELCOME! by Anonymous Coward · · Score: 1, Funny

    Windows has yet another "Open doors day - everyone warmly welcome" day! Jesus Christ, why do we let this happen?

  28. Re:The facts please by Anonymous Coward · · Score: 1, Funny

    FACT: Dolphins are Mammals.

    FACT: China is big.

    FACT: You're attempt to steer a slashdot discussion is like herding cats.

    FACT: My inappropriate use of "you're" in the above sentence has ticked off a grammer nazi.

  29. Re:This is why... by lordofthechia · · Score: 5, Funny

    I phone the webmaster and ask him to read me the webpage.

    --
    Georgia Tech, the leader in Chia(tm) technology.
  30. Re:This code by vear · · Score: 3, Funny

    MS-DOS or DR-DOS? I don't know which one is worse.

  31. Re:Ouch. by pen · · Score: 2, Funny

    I read that address as "awreckedford.com".

  32. Re:This is why... by HogynCymraeg · · Score: 2, Funny
    I use telnet and render the HTML mentally.

    IRCers who talk to "Babes" have been using this technique for years!!!
  33. Re:Ouch. by TheRealMindChild · · Score: 5, Funny
    --

    "When life gives you lemons, don't make lemonade. Make life take the lemons back!" -- Cave Johnson
  34. Re:...or by not using Internet Explorer by dallask · · Score: 5, Funny

    solution:
    Buy sony cd,
    install rootkit
    rename Explorer to $sys$explorer.exe

    --
    The Code Ninja is swift with his tool, precise in his delivery, and deadly accurate in his execution.
  35. Re:This is why... by glebd · · Score: 2, Funny

    Asylums are full of crashed brains.

  36. Re:Ouch. by timeOday · · Score: 2, Funny

    Gettin' kinda fancy with the horizontal rule, ain't ya?

  37. Re:Ouch. by Anonymous Coward · · Score: 1, Funny


    I wonder if you would have been so quick to share your website if this was your job.

    It must be very difficult to be humble for people who are as great as you.

  38. Re:This is why... by OakDragon · · Score: 5, Funny

    There is an exploit that my computer suffers from every day. It's called the 'Slash.ORG' worm, and it doesn't matter what kind of browser you use. Once the browser navigates to a certain website, it tends to stay there, refreshing as needed. It's called a DoPE attack, or 'Denial of Productivity for Employer.'

  39. Re:Duh! (+1, informative) by meringuoid · · Score: 2, Funny
    A: Because 31 (hex) == 27 (dec)!

    I always get depressed as the nights draw in towards the end of Hextober; how about you?

    --
    Real Daleks don't climb stairs - they level the building.
  40. Re:This is why... by flamingweasel · · Score: 2, Funny

    You're using the PHONE? Fool!

    --
    Cthulhu loves you.
  41. Re:This code by byolinux · · Score: 2, Funny

    You insensitive clod, I have to use Arachne with FreeDOS.

  42. Re:This is why... by galego · · Score: 2, Funny
    I use telnet and render the HTML mentally.

    In Soviet Russia, the HTML render you!

    --

    Que Deus te de em dobro o que me desejas

    [May God give you double that which you wish for me]

  43. Re:This is why... by caulfield · · Score: 3, Funny

    The phones are tapped.

    US Mail, baby.

    Didn't anyone see The Postman?

  44. Get the facts! by Xerp · · Score: 3, Funny

    Have you people not got the facts? Browsing the web using Microsoft Windows - and especially when using the excellent Microsoft Internet Explorer - is proven to be much more secure than using those namby-pamby, tree-hugging, communist hippy programs you can get, like that Linux thing and Firefox. I mean, no-one uses those things anyway, do they? I always make sure that I am fully patched, and that my anti-spyware and anti-virus programs are up to date. Every morning I check through my root-kit and trojan scanner reports, right after my defrag has finished. I know for a fact that this so-called exploit hasn't affected me in th [NO CARRIER]

  45. Re:This is why... by psyon1 · · Score: 2, Funny

    Man, you people and your technology. I send a request to the web master via carrier pigeon, and he sends the contents of the site back.

  46. Re:This is why... by Old+Wolf · · Score: 2, Funny

    Didn't anyone see The Postman?

    Sorry, the total costner of 0wnership was too high.