Slashdot Mirror


New IE Zero Day

RebootKid writes "Microsoft has released a notice about a new zero day attack against Internet Explorer. Guess it's going to be more a 'Script Kiddie Christmas,' less of a 'White Christmas.' 'Ok, fess up — who asked for an IE 0 day for Christmas? I'm guessing Santa got his lumps of coal mixed up with a bag of exploits. This exploit has been discussed over the last day or so on full disclosure and a number of other sites. Metasploit already has a module available for it (just search for CSS & IE). Microsoft has put out an advisory 2488013 regarding the issue which manifests itself when a specially crafted web page is used and could result in remote code execution on the client.'"

1 of 305 comments (clear)

  1. Okay, here's a question ... by ScrewMaster · · Score: -1, Troll

    Microsoft has released a notice about a new zero day attack against Internet Explorer.

    And this is noteworthy why? How many Slashdotters use Internet Explorer for anything other than the occasional WindowsUpdate in XP? This may be News for Nerds, but it hardly matters. Everyone here knows very well that Internet Explorer is too dangerous for general Web use. That Microsoft is suffering yet another security failure doesn't really elicit much interest from me, I must say.

    It irks me that there are better options than Explorer readily available, but so many people just don't care enough about their own security and privacy to avail themselves of those options. It's not like paying through the nose for an anti-virus product: these things are free to use! I feel less and less sorry for Explorer users every day, having heard all the excuses ("it doesn't look like Explorer, my favorite free-malware-site doesn't like it, it's too hard to install, I'm too stupid to use a computer, and so on ad infinitum.) It's not as if the likes of Firefox, Chrome and Opera are hard to find, or aren't in the public's eye nowadays. Hell, a few months ago a major U.S. bank issued a warning recommending that its customers eschew Explorer in favor of anything else and further recommended that any online banking be done in anything but Windows (preferably Linux/Unix.) Of course, the month after that they made another public statement to the effect that they would only support Internet Explorer (note: they didn't follow through on that threat. I got the distinct impression that it was a "left hand doesn't know what the right hand is doing" situation.)

    --
    The higher the technology, the sharper that two-edged sword.