Critical Attack Slams Microsoft IE 6 and 7

Attack Throgh IE 6 and 7

Attackers could hijack your PC if you simply viewed a Web site or read an HTML e-mail laced with a poisoned animated-cursor file (.ani).So,be alert while opening Webpages and reading HTML pages.The flaw can be targeted through browsers, including Internet Explorer (6 and 7) and Firefox, as well as via Outlook versions 2002 SP3 and later, on Windows XP SP2 and Vista systems. Microsoft says that the risk with IE 7 under Vista is mitigated because of IE’s protected mode, and that Outlook 2007 is safe because it uses Word to display HTML e-mail.

What is surprising is that the Microsoft knew about the hole three months before the attacks began. You can get the patch over Microsoft Automatic Updates or at Microsoft’s website.

IE 7’s troubles continue with a proof-of-concept phishing exploit published by security researcher Aviv Raff. Using it, an attacker could fool you and IE with an e-mail or Web link to a doctored error page that, when refreshed as directed, would send you to a phishing site disguised as a legitimate destination. The impostor site would show the real site’s URL in the address bar, potentially tricking even careful surfers.
At press time Microsoft had not yet issued a fix; as always your best bet is never to click an e-mail link to access your bank or other financial account, even if you’re sure that the e-mail is legit. Instead, type in the address yourself or use a bookmark. For more, including a vulnerability test, see the Secunia website.

Microsoft is shipping another patch batch that improves Vista compatibility for a range of programs, including Trend Micro Internet Security 2007 and Microsoft Money 2006. For the patch and a list of affected apps, see Microsoft’s March 2007 Windows Vista Application Compatibility Update. Expect such fixes to be a regular thing.

Update for Apple Quick Time Media Player.

Apple has released yet another update to fix multiple dangerous holes in its QuickTime media player software for both Mac and Windows.The patch closes eight critical vulnerabilities in how the player handles a variety of media files--and annoyingly it will put QuickTime on your desktop and in your system tray whether you want it there or not. An attacker exploiting any of the flaws could hit you with a drive-by download if you visit a rigged site or click on an e-mail link to a poisoned movie, so make sure that you have version 7.1.5 or later. Learn more from Apple’s page on the security content of QuickTime 7.1.5.

More battery woes

Lenovo is recalling and replacing 205,000 (100,000 in the United States) lithium ion laptop batteries for ThinkPads sold between November 2003 and February 2005, due to an overheating problem that can occur if the battery is dropped or hit. To find out if your battery is affected, see Lenovo’s battery recall support page.



April 25, 2007 at 3:15 PM

woah Microsoft again... It seems like a deliberate move so that their customers will sought back to them for help. Makes me wonder why they don't nip the problem in the bud.

  Syaf The Geek

April 25, 2007 at 10:36 PM

Better don't use IE or just dumped it. Firefox, Netscape and Opera is much better than IE.