Dismiss Notice
Join Physics Forums Today!
The friendliest, high quality science and math community on the planet! Everyone who loves science is here!

[Internet Explorer] Critical Warning

  1. Aug 18, 2005 #1

    dduardo

    User Avatar
    Staff Emeritus

    [Internet Explorer] Critical Warning!!!!

    There is a 0day IE6 remote exploit and code is already readily available on the Internet.

    Background
    ---------------
    A 0day exploit is such an advanced exploit that Microsoft hasn't created patches for it and probably won't start working on it until today. This means you'll be lucky to get a patch by next week.

    A remote exploit means that no human input is required to become infected.

    Affected Products:
    -----------------------

    Microsoft Internet Explorer 6 for Microsoft Windows XP SP2
    Microsoft Internet Explorer 6 for Microsoft Windows XP SP1

    Microsoft Office 2002
    Microsoft Office 2000
    Microsoft Office XP
    Microsoft Visio
    Microsoft Project
    Microsoft .NET Framework 1.1
    Microsoft Access
    Microsoft Visual Studio .NET 2003
    Microsoft Visual Studio .NET 2002
    ATI Catalyst drivers
    And More....

    Solution:
    -----------

    Use Mozilla Firefox or use any other browser not Internet Explorer 6.

    http://www.mozilla.org/

    [edit] Update 1: SANS has release an UNOFFICIAL patch for this hole. You can find it here:

    http://isc.sans.org/msddskillbit.php

    Be warned that you will break programs that use the particular dll that is patched. This includes MS Office, .NET framework, Visio, etc

    Use it at your own risk.
     
    Last edited: Aug 18, 2005
  2. jcsd
  3. Aug 18, 2005 #2
    op·por·tun·ism
    noun

    : the art, policy, or practice of taking advantage of opportunities or circumstances, especially with little regard for principles or ultimate consequences
     
  4. Aug 18, 2005 #3

    dduardo

    User Avatar
    Staff Emeritus

    Hey, what do you want me to say? Just don't use Internet Explorer 6? I have to give people options.
     
    Last edited: Aug 18, 2005
  5. Aug 18, 2005 #4

    JamesU

    User Avatar
    Gold Member

    f-i-r-e-f-o-x i-s b-e-t-t-e-r
     
  6. Aug 18, 2005 #5
    Little regard toward ultimate consequences, I would have to disagree with that part.

    I personally do not see what is wrong with dduardo's post. I could see people being safer by not using IE for the next week or so.
     
  7. Aug 18, 2005 #6

    dduardo

    User Avatar
    Staff Emeritus

    This is from an older exploit but still applies:

    "CERT recommends that Explorer users consider other browsers that are not affected by the attack, such as Mozilla, Mozilla Firefox, Netscape and Opera. Mac, Linux and other non-Windows operating systems are immune from this attack. For people who continue to use the Internet Explorer, CERT and Microsoft recommend setting the browser's security settings to "high," but that can impair some browsing functions."

    For those who don't know: U.S. Computer Emergency Readiness Team (US-CERT), a division of the Department of Homeland Security.

    Internet Explorer is a national security risk.
     
  8. Aug 18, 2005 #7
  9. Aug 18, 2005 #8

    dduardo

    User Avatar
    Staff Emeritus

    Yes, that's the exploit code. Thanks for posting it.
     
  10. Aug 18, 2005 #9
  11. Aug 18, 2005 #10

    dduardo

    User Avatar
    Staff Emeritus

    The problem is most people have ActiveX enabled. It's on by default.
     
  12. Aug 18, 2005 #11

    DaveC426913

    User Avatar
    Gold Member

    Options. Yah. Not that you're biased or anything...
     
  13. Aug 18, 2005 #12
  14. Aug 18, 2005 #13

    dduardo

    User Avatar
    Staff Emeritus

    Go ahead and pick anything other than IE. That's fine.
     
  15. Aug 18, 2005 #14

    DaveC426913

    User Avatar
    Gold Member

    Certainly. Let's just call a spade a spade and not pretend that dduardo's interests are wholely altruistic, or given with *our* best interests in mind. As HitSquad points out, an ostensible warning about a virus was used opportunistically to flog Firefox.
     
  16. Aug 18, 2005 #15
    I think given that there have been new critical worms that just came out and now this IE exploit, this is definitely in the best interest of anyone using Windows and Internet Explorer. Yes dduardo may have used it to promote firefox, but firefox is one of the best alternatives to IE.

    If your car had some serious problem you would probably swap it for a rental, or another car for a week or so, and I think the same can be said for web browsers. IE is having some major problems at the moment and therefore people should look to other browsers for now.
     
  17. Aug 18, 2005 #16

    dduardo

    User Avatar
    Staff Emeritus

    I am posting internet security warnings that are rated critical and could potentially harm a large group of people. I could careless if it has to do with IE or not. I'll post firefox security warnings if the exploits are critical. My intention is to inform people of security problems that could cause major loss of data or cause data to be compromised.

    What do I have to gain by promoting Firefox? I'm not a mozilla developer. I'm not making money off firefox. I'm not competing against Microsoft. I just firmly believe that firefox is a better browser than IE. Is that wrong? Is it wrong for CERT to recommend that people use another browser? I'm not forcing you to switch. That's your poragative. Don't turn this into a religious war.
     
  18. Aug 18, 2005 #17

    Evo

    User Avatar

    Staff: Mentor

    I for one applaud dduardo for bringing the potential problem to people's attention, even if he is getting $50 every time someone installs firefox. :biggrin: :wink:
     
  19. Aug 18, 2005 #18
    How go you turn off Active-X controls?
     
  20. Aug 18, 2005 #19

    dduardo

    User Avatar
    Staff Emeritus

    If you turn off active-x you won't be able to visit microsoft's update site. In addtion you could also end up crippling some of your common software apps like excel, word, etc since they use active-x controls to run various scripts. But this depends on which features of the software you use.

    If you surf the web with any other browser other than IE and don't use IE within other apps like outlook you should be fine. Only use IE to visit mcirosoft's update site. This is how I do it with windows machines I admin and they are always up and running without problems.
     
  21. Aug 18, 2005 #20

    Moonbear

    User Avatar
    Staff Emeritus
    Science Advisor
    Gold Member

    I was going to ask if he has stock in Mozilla. :rofl: Why is everyone jumping on dduardo for recommending something that's free to download? It's not like he's selling something, he's recommending a free alternative to a browser that currently presents a security risk. If you feel committed to IE for whatever reason, just use Firefox for a week or so until there's a patch available and then go back to IE again. I can't even remember a time when I didn't have two browsers installed on my computer and am having a hard time understanding why people are so worked up about it.

    I appreciate that dduardo is trying to keep people informed of security threats that are popping up right now.
     
Know someone interested in this topic? Share this thread via Reddit, Google+, Twitter, or Facebook

Have something to add?



Similar Discussions: [Internet Explorer] Critical Warning
  1. Warning (Replies: 4)

  2. The internet (Replies: 18)

  3. Space Exploration (Replies: 14)

Loading...