The recent attack to Google, Adobe and other companies revealed a vulnerability that exists in many versions of Internet Explorer. According to Wired the attack was ultra sophisticated and targeted source code from Google, Adobe and dozens of other high-profile companies. The level of sophistication was equal to the attacks seen in defense industry. Microsoft has released a Security Advisory (979352). The products that are vulnerable are Internet Explorer 6, Internet Explorer 7 and Internet Explorer 8 on supported editions of Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2. The Advisory explains the vulnerability:
“The vulnerability exists as an invalid pointer reference within Internet Explorer. It is possible under certain conditions for the invalid pointer to be accessed after an object is deleted. In a specially-crafted attack, in attempting to access a freed object, Internet Explorer can be caused to allow remote code execution.”
George Stathakopoulos, of the Microsoft Security Response Center stated that “Based on a rigorous analysis of multiple sources, we are not aware of any successful attacks against IE7 and IE8 at this time……we have teams working around the clock worldwide to develop a security update of appropriate quality for broad distribution to address this vulnerability.”
This security vulnerability is serious for big corporations and governments that use Internet Explorer. The German Federal Office for Security in Information Technology (known as BSI) recommends that all Internet Explorer users switch to an alternative browser.
Personally I doubt that home users will be affected from that vulnerability. Mainly the threat for the time being is for corporate and government users. In any case you should immediately upgrade to Internet Explorer 8. You may also choose to use another web browser until Microsoft releases a fix for this vulnerability.
]]>