
Serious security flaw found in IE

 
 
Alan
16th Dec 2008
Here's a News Article carried today by the BBC at
http://news.bbc.co.uk/2/hi/technology/7784908.stm

Serious security flaw found in IE

Users of Microsoft's Internet Explorer are being urged by experts to switch
to a rival until a serious security flaw has been fixed.

The flaw in Microsoft's Internet Explorer could allow criminals to take
control of people's computers and steal their passwords, internet experts
say.

Microsoft urged people to be vigilant while it investigated and prepared an
emergency patch to resolve it.

Internet Explorer is used by the vast majority of the world's computer
users.


"Microsoft is continuing its investigation of public reports of attacks
against a new vulnerability in Internet Explorer," said the firm in a
security advisory alert about the flaw.

Microsoft says it has detected attacks against IE 7.0 but said the
"underlying vulnerability" was present in all versions of the browser.

Other browsers, such as Firefox, Opera, Chrome, Safari, are not vulnerable
to the flaw Microsoft has identified.

Browser bait

"In this case, hackers found the hole before Microsoft did," said Rick
Ferguson, senior security advisor at Trend Micro. "This is never a good
thing."

As many as 10,000 websites have been compromised since the vulnerability was
discovered, he said.

"What we've seen from the exploit so far is it stealing game passwords, but
it's inevitable that it will be adapted by criminals," he said. "It's just a
question of modifying the payload the trojan installs."


Said Mr Ferguson: "If users can find an alternative browser, then that's
good mitigation against the threat."

But Microsoft counselled against taking such action.

"I cannot recommend people switch due to this one flaw," said John Curran,
head of Microsoft UK's Windows group.

He added: "We're trying to get this resolved as soon as possible.

"At present, this exploit only seems to affect 0.02% of internet sites,"
said Mr Curran. "In terms of vulnerability, it only seems to be affecting
IE7 users at the moment, but could well encompass other versions in time."

Richard Cox, chief information officer of anti-spam body The Spamhaus
Project and an expert on privacy and cyber security, echoed Trend Micro's
warning.

"It won't be long before someone reverse engineers this exploit for more
fraudulent purposes. Trend Micro's advice [of switching to an alternative web
browser] is very sensible," he said.

PC Pro magazine's security editor, Darien Graham-Smith, said that there was
a virtual arms race going on, with hackers always on the look out for new
vulnerabilities.

"The message needs to get out that this malicious code can be planted on any
web site, so simple careful browsing isn't enough."

"It's a shame Microsoft have not been able to fix this more quickly, but
letting people know about this flaw was the right thing to do. If you keep
flaws like this quiet, people are put at risk without knowing it."

"Every browser is susceptible to vulnerabilities from time to time. It's
fine to say 'don't use Internet Explorer' for now, but other browsers may
well find themselves in a similar situation," he added.



 
Alan
16th Dec 2008
Here is the official notification from Microsoft which was first published
on December 10, 2008 and updated on December 15:
http://www.microsoft.com/technet/sec...ry/961051.mspx

Alan




 
Elmwood Boy
16th Dec 2008
Does this mean we shouldn't be using IE7 or changing to another browser?

E-Boy=)


 
Tim Clark
16th Dec 2008
"Elmwood Boy" wrote:

> Does this mean we shouldn't be using IE7 or changing to another browser?
>
> E-Boy=)


I always advise having an alternative/backup browser available in case of
Zero Day attacks. I use the portable version of Firefox myself, but to each
their own. Just make sure that if you do use an alternative browser for a
backup that it is as fully patched and as locked down as possible during the
crisis. And that you update your normal browser as soon as a patch is
available.

And of course make sure you are using a firewall and antivirus/antimalware
program as well; often they can help stop an attack before a patch is
released.
And, if possible, try to do your browsing as a limited user instead of as an
administrator.

?:-/
Tim
 
Stu
16th Dec 2008
Very good question, the answer to which, I would say, depends on whether or
not you are looking at the revelation from MS's point of view or the many
generic security analysts out there. I'm sure MS are not going to 'shoot
themselves in the foot' by saying don't use Explorer - it's badly flawed on
the security front. Bad publicity, and who can blame them for that? I could be
way off base here but, right now, I would say that much depends on your
surfing habits until they come up with a patch to correct the issue. In the
meantime, if you really like IE as I do, I would suggest tightening your IE
security settings a notch or two and being very careful where you go and what
you reveal. For example, I would not touch Internet Banking until I'm
confident the issue has been resolved. I'm sure Bill S will have some advice
sooner or later.

Stu

"Elmwood Boy" wrote:

> Does this mean we shouldn't be using IE7 or changing to another browser?
>
> E-Boy=)

 
mae
16th Dec 2008
I applied the workarounds recommended in the advisory.
Should work until:
http://blogs.technet.com/msrc/archiv...d-release.aspx
Microsoft Security Bulletin Advance Notification for December 2008
This is an advance notification of an out-of-band security bulletin that
Microsoft is intending to release on December 17, 2008.
Source: http://www.microsoft.com/technet/sec.../ms08-dec.mspx

You should subscribe to a security feed or alert from Microsoft,
then you won't have to wait for someone else to publish it.
I get this feed http://blogs.technet.com/msrc/default.aspx

mae

"Alan" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
| Here is the official notification from Microsoft which was first published
| on December 10, 2008 and updated on December 15:
| http://www.microsoft.com/technet/sec...ry/961051.mspx
|
| Alan

 
gene@none.net
16th Dec 2008
"Alan" <(E-Mail Removed)> wrote:

> Here is the official notification from Microsoft which was first published
> on December 10, 2008 and updated on December 15:
> http://www.microsoft.com/technet/sec...ry/961051.mspx
>
> Alan
>


Thanks! I made the recommended changes and then was asked six times
about scripts when loading a Yahoo home page news article.

Also in the bulletin, under Workarounds > Set Internet and Intranet...,
the item "2. In the Select a Web content zone to specify its current
security settings box,... " my XP/SP3 does not contain the phrase
"Select a Web content zone..."

Gene
 
robinb
16th Dec 2008
Looks like it will - take a look here

http://www.microsoft.com/technet/sec.../ms08-dec.mspx

robin


 
robinb
16th Dec 2008
I use Firefox exclusively except for Windows updates.
I will wait for tomorrow to get the patch,
and my clients only use Firefox too.
robin



 
Pat Willener
17th Dec 2008
Why? I always run Microsoft Update on Firefox. (IE Tab add-on may be
required.)

robinb wrote:
> I use Firefox exclusively except for Windows updates.
> I will wait for tomorrow to get the patch,
> and my clients only use Firefox too.
> robin

 