[Internet Explorer] Critical Warning

  • Thread starter dduardo
  • Start date
In summary, IE is vulnerable to a 0day exploit that has already been released on the internet. Firefox is a better alternative to using IE.
  • #1
dduardo
Staff Emeritus
1,905
3
[Internet Explorer] Critical Warning!

There is a 0day IE6 remote exploit and code is already readily available on the Internet.

Background
---------------
A 0day exploit is such an advanced exploit that Microsoft hasn't created patches for it and probably won't start working on it until today. This means you'll be lucky to get a patch by next week.

A remote exploit means that no human input is required to become infected.

Affected Products:
-----------------------

Microsoft Internet Explorer 6 for Microsoft Windows XP SP2
Microsoft Internet Explorer 6 for Microsoft Windows XP SP1

Microsoft Office 2002
Microsoft Office 2000
Microsoft Office XP
Microsoft Visio
Microsoft Project
Microsoft .NET Framework 1.1
Microsoft Access
Microsoft Visual Studio .NET 2003
Microsoft Visual Studio .NET 2002
ATI Catalyst drivers
And More...

Solution:
-----------

Use Mozilla Firefox or use any other browser not Internet Explorer 6.

http://www.mozilla.org/

[edit] Update 1: SANS has release an UNOFFICIAL patch for this hole. You can find it here:

http://isc.sans.org/msddskillbit.php [Broken]

Be warned that you will break programs that use the particular dll that is patched. This includes MS Office, .NET framework, Visio, etc

Use it at your own risk.
 
Last edited by a moderator:
Physics news on Phys.org
  • #2
dduardo said:
Solution:
-----------
Upgrade to Mozilla Firefox or use any other browser not Internet Explorer 6.
op·por·tun·ism
noun

: the art, policy, or practice of taking advantage of opportunities or circumstances, especially with little regard for principles or ultimate consequences
 
  • #3
Hey, what do you want me to say? Just don't use Internet Explorer 6? I have to give people options.
 
Last edited:
  • #4
f-i-r-e-f-o-x i-s b-e-t-t-e-r
 
  • #5
Little regard toward ultimate consequences, I would have to disagree with that part.

I personally do not see what is wrong with dduardo's post. I could see people being safer by not using IE for the next week or so.
 
  • #6
This is from an older exploit but still applies:

"CERT recommends that Explorer users consider other browsers that are not affected by the attack, such as Mozilla, Mozilla Firefox, Netscape and Opera. Mac, Linux and other non-Windows operating systems are immune from this attack. For people who continue to use the Internet Explorer, CERT and Microsoft recommend setting the browser's security settings to "high," but that can impair some browsing functions."

For those who don't know: U.S. Computer Emergency Readiness Team (US-CERT), a division of the Department of Homeland Security.

Internet Explorer is a national security risk.
 
  • #8
Yes, that's the exploit code. Thanks for posting it.
 
  • #10
The problem is most people have ActiveX enabled. It's on by default.
 
  • #11
dduardo said:
Hey, what do you want me to say? Just don't use Internet Explorer 6? I have to give people options.
Options. Yah. Not that you're biased or anything...
 
  • #13
DaveC426913 said:
Options. Yah. Not that you're biased or anything...

Go ahead and pick anything other than IE. That's fine.
 
  • #14
mattmns said:
He is giving the best option there is for windows users, imo.
Certainly. Let's just call a spade a spade and not pretend that dduardo's interests are wholely altruistic, or given with *our* best interests in mind. As HitSquad points out, an ostensible warning about a virus was used opportunistically to flog Firefox.
 
  • #15
I think given that there have been new critical worms that just came out and now this IE exploit, this is definitely in the best interest of anyone using Windows and Internet Explorer. Yes dduardo may have used it to promote firefox, but firefox is one of the best alternatives to IE.

If your car had some serious problem you would probably swap it for a rental, or another car for a week or so, and I think the same can be said for web browsers. IE is having some major problems at the moment and therefore people should look to other browsers for now.
 
  • #16
DaveC426913 said:
Certainly. Let's just call a spade a spade and not pretend that dduardo's interests are wholely altruistic, or given with *our* best interests in mind. As HitSquad points out, an ostensible warning about a virus was used opportunistically to flog Firefox.

I am posting internet security warnings that are rated critical and could potentially harm a large group of people. I could careless if it has to do with IE or not. I'll post firefox security warnings if the exploits are critical. My intention is to inform people of security problems that could cause major loss of data or cause data to be compromised.

What do I have to gain by promoting Firefox? I'm not a mozilla developer. I'm not making money off firefox. I'm not competing against Microsoft. I just firmly believe that firefox is a better browser than IE. Is that wrong? Is it wrong for CERT to recommend that people use another browser? I'm not forcing you to switch. That's your poragative. Don't turn this into a religious war.
 
  • #17
I for one applaud dduardo for bringing the potential problem to people's attention, even if he is getting $50 every time someone installs firefox. :biggrin: :wink:
 
  • #18
How go you turn off Active-X controls?
 
  • #19
If you turn off active-x you won't be able to visit microsoft's update site. In addtion you could also end up crippling some of your common software apps like excel, word, etc since they use active-x controls to run various scripts. But this depends on which features of the software you use.

If you surf the web with any other browser other than IE and don't use IE within other apps like outlook you should be fine. Only use IE to visit mcirosoft's update site. This is how I do it with windows machines I admin and they are always up and running without problems.
 
  • #20
Evo said:
I for one applaud dduardo for bringing the potential problem to people's attention, even if he is getting $50 every time someone installs firefox. :biggrin: :wink:
I was going to ask if he has stock in Mozilla. :rofl: Why is everyone jumping on dduardo for recommending something that's free to download? It's not like he's selling something, he's recommending a free alternative to a browser that currently presents a security risk. If you feel committed to IE for whatever reason, just use Firefox for a week or so until there's a patch available and then go back to IE again. I can't even remember a time when I didn't have two browsers installed on my computer and am having a hard time understanding why people are so worked up about it.

I appreciate that dduardo is trying to keep people informed of security threats that are popping up right now.
 
  • #21
Microsoft is a big company, and I am sure some people here have stock in MS. Personally I would not like someone messing with my money either.
 
  • #22
Moonbear said:
If you feel committed to IE for whatever reason, just use Firefox for a week or so until there's a patch available
IE is not a security risk. ActiveX is. Firefox does not have ActiveX. IE let's you turn it on or off. IE is just like Firefox when you turn ActiveX off.
 
  • #23
hitssquad said:
IE is not a security risk. ActiveX is. Firefox does not have ActiveX. IE let's you turn it on or off. IE is just like Firefox when you turn ActiveX off.

But it sounds like IE doesn't work very well if you turn off ActiveX. :confused:
 
  • #24
Moonbear said:
But it sounds like IE doesn't work very well if you turn off ActiveX.
If IE didn't work very well with ActiveX turned off, how would Firefox work any better?
 
  • #25
Don't you need XP SP2 to turn ActiveX off?

edit.. Maybe not, I have seen solutions for turning it off in IE 4 and 5.
 
Last edited:
  • #26
IE security options

mattmns said:
Don't you need XP SP2 to turn ActiveX off?
No. IE has a security settings panel. Tools > Internet Options > Security > Custom level. There are five different categories for ActiveX, with options for on, off, or prompt. If you don't want to individually adjust security settings, you can use the security templates: Low, Medium-Low, Medium, High.
 
  • #27
hitssquad said:
If IE didn't work very well with ActiveX turned off, how would Firefox work any better?

The issue with turning off ActiveX is that IE isn't the only program that uses it. For instance, MS Office's VB Macros use ActiveX. A lot of companies use this and it isn't practical to start disabling ActiveX. There are also a bunch of other program s that can be affected by turning off activex. You also can't visit Windows Update if you have activeX disabled. Since you can only get exploited by opening up an html document in IE/Outlook, why not just replace the applications were you're most likely to open an html documents? Firefox, Opera, etc are good replacements for browsers while Thunderbird,Eudora, etc are good replacements for outlook.

Btw, hitssquad, do you have stock or invested interest in Microsoft or any of its affliate companies?
 
Last edited:
  • #28
You will get a pop-up that ActiveX was blocked and you can opt to install it, such as on the Windows Update site, never had a problem with that setup.
 
  • #29
At my last job, I found out after 18 months that I didn't have ActiveX enabled, it was only when I tried to use a special new system that I was prompted for it. I've never needed it for anything else apparently.
 

1. What is an [Internet Explorer] Critical Warning?

An [Internet Explorer] Critical Warning is a pop-up message that appears on a computer screen when there is a potential security threat detected by Internet Explorer, the web browser developed by Microsoft.

2. What causes an [Internet Explorer] Critical Warning to appear?

An [Internet Explorer] Critical Warning can appear due to various reasons such as a phishing attempt, malware or virus attack, outdated browser version, or an insecure website.

3. Is an [Internet Explorer] Critical Warning a legitimate threat?

Yes, an [Internet Explorer] Critical Warning should be taken seriously as it indicates a potential security threat to your computer and personal information. It is important to address the warning promptly to prevent any harm.

4. How do I get rid of an [Internet Explorer] Critical Warning?

The best way to get rid of an [Internet Explorer] Critical Warning is to close the warning message and run a full system scan using a reputable antivirus or anti-malware software. It is also recommended to update your browser and operating system to the latest versions to prevent future warnings.

5. Can I prevent [Internet Explorer] Critical Warnings from appearing?

While it is not possible to completely prevent [Internet Explorer] Critical Warnings from appearing, you can take precautions to minimize the chances of getting them. This includes keeping your browser and operating system up-to-date, using strong and unique passwords, and being cautious while browsing the internet and clicking on unfamiliar links or pop-ups.

Similar threads

  • MATLAB, Maple, Mathematica, LaTeX
Replies
1
Views
7K
Back
Top