Slashdot Mirror


Zero-Day IE Exploit Takes Control of PCs

anethema writes "A remote IE exploit with implementations is currently in the wild. From the article: 'Exploit code for a critical flaw in fully patched versions of Microsoft Corp.'s Internet Explorer browser has been released on the Internet, putting millions of Web surfers at risk of computer hijack attacks.' Aparently all you have to do is browse the page to be affected. There is no patch, but since it is a JavaScript exploit, you can work around it by disabling JavaScript."

32 of 567 comments (clear)

  1. And as usual... by Billosaur · · Score: 5, Funny

    From eWeek: The group that published the exploit said Microsoft has been aware of the Javascript Window() vulnerability for several months but was mistakenly treating it as a low-priority denial-of-service flaw.

    Because anything that allows a malicious user to exploit your system and hijack isn't a flaw... it's a feature!

    --
    GetOuttaMySpace - The Anti-Social Network
    1. Re:And as usual... by meringuoid · · Score: 4, Funny
      Because anything that allows a malicious user to exploit your system and hijack isn't a flaw... it's a feature!

      This kind of thinking is extremely $sys$profitable irresponsible.

      --
      Real Daleks don't climb stairs - they level the building.
    2. Re:And as usual... by zootm · · Score: 5, Funny

      This kind of thinking is extremely $sys$profitable irresponsible.

      My god, Sony have provided a viable Windows alternative to the old ^W^W^W^W *nix joke... it's worse than we thought!

    3. Re:And as usual... by mazarin5 · · Score: 5, Funny
      My god, Sony have provided a viable Windows *nix joke

      Huh?

      --
      Fnord.
    4. Re:And as usual... by Ibix · · Score: 4, Funny
      This kind of thinking is extremely $sys$profitable irresponsible.

      "I have seen the fnords..."

      I

  2. I'm glad to see that by WhiteWolf666 · · Score: 3, Funny

    Microsoft's total time of 0wnerzship continues to decrease.

    Its important for MS to keep ahead in this area.

    --
    WhiteWolf666 an exBush supporter. All you new-school,compassionate,save the children Republicans can rot in hell
  3. Is there a tenor in the house? by MikeMacK · · Score: 5, Funny
    The SANS ISC's Ullrich said IE users should consider switching to Firefox of Opera.

    Ah, the Firefox of Opera - who is that, Pavarotti?

  4. This is why... by MartinG · · Score: 5, Funny

    I use netcat.

    --
    -- MartinG To mail me: echo kewyjlcxyzvjfxbqwh | tr bcefhjklqvwxyz .@adgimnoprstu
  5. Thank you by steveo777 · · Score: 5, Funny

    Now that you've read the comments, your Windows box belongs to OSTG. Please stand by while we load Linux.........

    --
    This sig isn't original enough, it's time to come up with something witty...
  6. Give it 5 by intmainvoid · · Score: 4, Funny
    We have also been made aware of proof of concept code that could seek to exploit the reported vulnerability but are not aware of any customer impact at this time

    Well, there might be no customer impact at this time, but seeing as the exploit is published now, can I ask you again in about 5 minutes?

  7. Re:This is why... by Anonymous Coward · · Score: 3, Funny

    This why I use a mainframe. Micros are just toys, bad enuff they have crummy hardware but their software is crap too.

  8. In other news by epsalon · · Score: 3, Funny

    The sun has risen this morning, and the Earth is rotating around its axis.

    Nothing to see here - move along.

  9. This is why... by BushCheney08 · · Score: 5, Funny

    I don't browse the web.

    --
    Be a real patriot: Question authority. Think for yourself. Formulate your own conclusions.
  10. Re:This is why... by msdschris · · Score: 5, Funny

    I use telnet and render the HTML mentally.

  11. Re:This is why... by ZiakII · · Score: 3, Funny

    I use lynx....

  12. Re:This is why... by aicrules · · Score: 3, Funny

    Only to be stricken by sloppy internal perception code causing random synapse firings building to a pace that you suddenly just start breakdancing.

  13. DUPE! by andreMA · · Score: 3, Funny

    Oh, wait... it just seems that way. Carry on...

  14. lazy story submitters by mapmaker · · Score: 5, Funny
    Aparently all you have to do is browse the page to be affected.

    What, no link?

  15. Re:This is why... by Scoth · · Score: 5, Funny

    You say that in jest, but imagine the possibilities for exploits when/if we get the point of direct neural implants for communications and such. Just imagine, instead of porn popups, lockups, and reboots we'll have people suddenly yelling about viagara at the top of their lungs, freezing up and falling over mid-stride, and suddenly forgetting where they are.

    Maybe anyway :)

  16. Thank you by nealfunkbass · · Score: 4, Funny

    The holidays are a time for giving.

    Now that you've RTFA, and you are now looking at the comments page, the staff of Slashdot and EWeek would like to thank you for visiting our web pages and giving us full control of your windows PCs.

    Happy Holidays!

    --
    - Donny was a good bowler, and a good man.
  17. Re:This is why... by Anonymous Coward · · Score: 5, Funny

    You've met my grandfather, I take it.

  18. Re:This is why... by andreMA · · Score: 5, Funny

    Two of those three would apply to the current crop of US politicians. All three if you count Bob Dole.

  19. MS anti-spyware utility will stop this by digitaldc · · Score: 4, Funny

    I am pretty sure MS anti-spyware will stop this from launching

    --
    He who knows best knows how little he knows. - Thomas Jefferson
  20. Re:This is why... by lordofthechia · · Score: 5, Funny

    "I use telnet and render the HTML mentally."

    You get used to it. I don't even see the code. All I see is blonde, brunette, redhead.

    --
    Georgia Tech, the leader in Chia(tm) technology.
  21. Hmm.... by Lonath · · Score: 5, Funny

    Isn't Google's master plan to take over the world dependent upon people using AJAX? If IE has a critical flaw using javascript, and everyone has to turn it off, then nobody will be able to use Google's new products and... Hey wait a minute.

  22. Re:This is why... by lordofthechia · · Score: 5, Funny

    I phone the webmaster and ask him to read me the webpage.

    --
    Georgia Tech, the leader in Chia(tm) technology.
  23. Re:This code by vear · · Score: 3, Funny

    MS-DOS or DR-DOS? I don't know which one is worse.

  24. Re:Ouch. by TheRealMindChild · · Score: 5, Funny
    --

    "When life gives you lemons, don't make lemonade. Make life take the lemons back!" -- Cave Johnson
  25. Re:...or by not using Internet Explorer by dallask · · Score: 5, Funny

    solution:
    Buy sony cd,
    install rootkit
    rename Explorer to $sys$explorer.exe

    --
    The Code Ninja is swift with his tool, precise in his delivery, and deadly accurate in his execution.
  26. Re:This is why... by OakDragon · · Score: 5, Funny

    There is an exploit that my computer suffers from every day. It's called the 'Slash.ORG' worm, and it doesn't matter what kind of browser you use. Once the browser navigates to a certain website, it tends to stay there, refreshing as needed. It's called a DoPE attack, or 'Denial of Productivity for Employer.'

  27. Re:This is why... by caulfield · · Score: 3, Funny

    The phones are tapped.

    US Mail, baby.

    Didn't anyone see The Postman

  28. Get the facts! by Xerp · · Score: 3, Funny

    Have you people not got the facts? Browsing the web using Microsoft Windows - and especially when using the excellent Microsoft Internet Explorer is proven to much more secure than using those namby-pamby, tree-hugging, communist hippy programs you can get, like that Linux thing and Firefox. I mean, no-one uses those things anyway, do they? I always make sure that I am fully patched, and that my anti-spyware and anti-virus programs and up to date. Every morning I check through my root-kit and trojan scanner reports, right after my defrag has finished. I know for a fact that this so-called exploit hasn't affected me in th [NO CARRIER]