Microsoft admitted today that a serious flaw in security has left the majority of the world�s internet users exposed to attacks from hackers hoping to steal personal data and passwords.
A loophole in Internet Explorer (IE), the default web browser on most computers, allows criminals to commandeer victims� PCs by tricking them into visiting unsafe websites.
It is thought that two million computers have already been affected as Microsoft conceded that 1 in 500 internet users may have been exposed.
Computer users are advised by some security experts to switch to an alternative internet browser, such as Firefox or Google Chrome, to avoid the hackers who have so far corrupted an estimated 10,000 websites.
Microsoft said that it is considering the release of an emergency update to correct the flaw. The computing company claims that it has only detected attacks on Internet Explorer 7, the most common version of the browser, but gave warning that other versions are also potentially vulnerable.
The hack was initially devised by Chinese criminals, who have been stealing computer game passwords that can be sold on the black market.
However, Paul Ferguson, a security researcher for Trend Micro Inc, an anti-spyware provider, said that the security breach is so severe that it could be "adopted by more financially motivated criminals for more serious mayhem � that�s a big fear right now?.
Since the security flaw was reported on December 9, Microsoft said that there has been an exponential increase in attacks attempting to make use of the vulnerability. These opportunistic hackers who exploit known security breaches are called "zero-day? attackers.
These threats occur as hackers race against software makers to attack the affected programmes, such as IE, before the known problems are repaired.
"Zero days are unusual � and zero days in the world�s most popular browser on the world�s most popular operating system are really unusual,? said a Trend Micro spokesman. "The threat from it is only going to grow."
John Curran, a spokesman for Microsoft, said: "Right now it�s affecting about 0.2 per cent of users who may have come in touch with the vulnerability.
"It has the potential to move world wide rather quickly so it�s a significant issue and that�s why Microsoft is working diligently to get it resolved as quickly as possible.
"We are recommending four steps [see below] which would protect you from the vulnerabilities we know today but there could be variations to the vulnerabilities.
"Obviously the chance for this to be exploited is there.?
The company is telling users to employ a series of complicated workarounds to minimise the threat. It has been suggested that increasing the internet security zone level to high and disabling Ole32db.dll in the access control list could help protect a computer.
Some security experts, though, have advised IE users switch to another browser until an update is released. The next scheduled patch is not due until January 13 but it is not unusual for Microsoft to release an emergency patch.
Microsoft have struggled to build an appropriate patch thus far because the affected component is at the very core of the IE programme and any changes to the central code could cause a number of unexpected side-effects.
Microsoft�s advice for Internet Explorer users
1. Keep your anti-virus up-to-date. Microsoft has circulated the definitions of these vulnerabilities to all the major anti-virus providers.
2. Reset Internet Explorer to run in protected mode. This is the default mode in Windows Vista but not XP or the earlier versions.
3. Set zone security to high.
4. Ensure Windows is updated. You can do this manually through Windows updater or set it to automatic updates.
More complex and comprehensive approaches are listed on the Microsoft website .
http://www.microsoft.com/technet/security/advisory/961051.mspx
http://www.theyeshivaworld.com/article.php?p=27309
---------------------------- Sponsor ----------------------------
Use Our Ride-sharing Network!
Our service has Boruch Hashem seen an overwhelming response.
If you are able to, please do a Mitzvah and offer a ride to those
who can�t afford or don�t know how to drive.
www.theyeshivaworld.com/rideshare
-----------------------------------------------------------------------
Was this emailed forwarded to you? Sign up to receive your own email notifications at
http://www.theyeshivaworld.com//subscribe.php
yid.vid.news@gmail.com has signed up to receive these notifications.
If you would like to unsubscribe, visit the url below:
http://www.theyeshivaworld.com//remove.php?email=yid.vid.news@gmail.com
