If this is the first you’re hearing of this flaw, check out the link below to hear Defintel’s CEO, Chris Davis, explain the situation:
Researchers estimate that more than 10,000 sites are compromised. While in-the-wild exploits are currently targeting IE 7 on Windows XP SP2 and SP3, Windows Server 2003 SP1 and SP2, Windows Vista (including SP1) and Windows Server 2008, it’s important to remember that all versions of Internet Explorer, from IE5 all the way to IE8 Beta 2, are affected.
Visit your legitimate online banking site and enter your user information? Now he’s got it.
Visit your favourite social networking site and chat with some friends? Now he’s got that too.
Microsoft intends to release a critical patch today, the second patch coming on Exploit Wednesday instead of Patch Tuesday in as many months. Back in October, Microsoft was forced to release an out-of-band patch to mitigate the extremely critical flaw in several Windows operating systems.
In the meantime, users should use other browsers – Firefox, Chrome, Safari – whatever you like! Just not IE.
The general public is completely ill-equipped to deal with security events. Who knows how long it will be before the AV companies have signatures developed for this new exploit? And Microsoft surely isn’t losing any market share over yet another security debacle.
Why do we still treat online security as though the Internet only encompasses six guys at Berkeley? Everyone is online, from 5-year-old girls to 95-year-old men – they can’t all be expected to keep up to date with these vulnerabilities and exploits.
So, how do we help them?