|
|
|
|
I have received this information on Facebook ..... is it accurate, or is it SPAM? I am new to this so not sure how to recognise authentic Microsoft information.
Don't want to download something I shouldn't !! I am not sure what IE version mine is.
31 January 2011 Microsoft warning over browser security flaw.
Microsoft has issued a "critical" warning over a newly-discovered flaw in Windows.
In a security advisory, the company warned of a loophole that could be used by malicious hackers to steal private information or hijack computers.
The bug potentially affects every user of the Internet Explorer web browser - around 900 million people worldwide.
Microsoft has issued a software patch to defend against attacks, and said it was working to develop a long-term fix.
The security advisory, which was published on Friday, details how the vulnerability can be used to manipulate users and take over their machines.
Although the flaw is actually inside Windows itself, it only appears to affect the way that Internet Explorer handles some web pages and documents.
Microsoft admitted that the problem meant users could easily be fooled into downloading malicious files by doing something as simple as clicking on a web link.
"When the user clicked that link, the malicious script would run on the user's computer for the rest of the current Internet Explorer session," wrote Microsoft representative Angela Gunn in awebsite announcement accompanying the advisory.
Once the computer had been hijacked, hackers could use it to steal personal data or send users to fake websites, she added.
"Such a script might collect user information, e.g e-mail, spoof content displayed in the browser or otherwise interfere with the user's experience."
Although Microsoft said it had seen no evidence that the glitch had already been exploited by hackers, it warned that research had shown it was a serious threat.
And while it has not been able to remove the bug itself, it issued a "fix it" security patch to block any attempts to use it.
All Windows users - particularly those who use Internet Explorer - are being urged to download the fix while the company's security team develop a way to plug the hole permanently.
See...
Microsoft Security Advisory (2501696): Vulnerability in MHTML Could Allow Information Disclosure
http://www.microsoft.com/technet/security/advisory/2501696.mspx
NB: You will want to have a thorough read of the "Mitigating Factors and Suggested Actions" section on the above page.
NB: If you decide to run Fix It 50602 in KB2501696, you will need to run Fix It 50603 before you'll be able to install the patch for this vulnerability when it's released by Microsoft. In fact, the computer won't be offered the patch if Fix It 50603 hasn't been run.
Yes, that's accurate. You should download the fix here: http://support.microsoft.com/kb/2501696I have received this information on Facebook ..... is it accurate, or is it SPAM? I am new to this so not sure how to recognise authentic Microsoft information.
Don't want to download something I shouldn't !! I am not sure what IE version mine is.
And while it has not been able to remove the bug itself, it issued a "fix it" security patch to block any attempts to use it.
All Windows users - particularly those who use Internet Explorer - are being urged to download the fix while the company's security team develop a way to plug the hole permanently.
Yes, that's accurate. You should download the fix here: http://support.microsoft.com/kb/2501696I have received this information on Facebook ..... is it accurate, or is it SPAM? I am new to this so not sure how to recognise authentic Microsoft information.
Don't want to download something I shouldn't !! I am not sure what IE version mine is.
And while it has not been able to remove the bug itself, it issued a "fix it" security patch to block any attempts to use it.
All Windows users - particularly those who use Internet Explorer - are being urged to download the fix while the company's security team develop a way to plug the hole permanently.
Is this not being released via Windows Update rather than expecting consumers to spot the issue and manually apply the fix it? There seems to be some scenarios where it should be applied and some where it shouldn't.
See...
Microsoft Security Advisory (2501696): Vulnerability in MHTML Could Allow Information Disclosure
http://www.microsoft.com/technet/security/advisory/2501696.mspx
NB: You will want to have a thorough read of the "Mitigating Factors and Suggested Actions" section on the above page.
NB: If you decide to run Fix It 50602 in KB2501696, you will need to run Fix It 50603 before you'll be able to install the patch for this vulnerability when it's released by Microsoft. In fact, the computer won't be offered the patch if Fix It 50603 hasn't been run.
Enter the thread ID of the thread you are merging into
To report abuse, sign in or continue without signing in
Thank you.
|
|
|
Don't have one of the above accounts?
