A new security vulnerability in IE allows websites to steal passwords.
Nope, this isn’t the Zero Day Attack, but a vulnerability based off of it. According to the BBC, security advisers are warning people to use different web browsers until the hole can be fixed.
The advice came after Microsoft released a monster patch load repairing 28 critical and important vulnerabilities on its regularly scheduled “Patch Tuesday,” which falls on the second Tuesday of every month.
According to Trend Micro as many as 10,000 sites have been compromised so far, although most are Chinese according to USA Today “What we’ve seen from the exploit so far is it stealing game passwords, but it’s inevitable that it will be adapted by criminals,” said Rick Ferguson, Trend Micro’s senior security advisor.
Attacks at the moment only seem to be happening to users of Internet Explorer 7, but the vulnerability does exist in earlier versions.
Microsoft is being tightlipped about the actual vulnerability and suggests that anyone wishing to continue using IE7 take appropriate countermeasures, such as working in Protected Mode and changing security settings to High.
Maybe someone got around to using that I.E. Voodoo Doll?
Source :BBC
Update: The emergency patch should be available from 1800 GMT on 17 December, Microsoft has said.
Maybe Microsoft need some Christmas Temps?
Published: Dec 17, 2008 11:55 am