Technology news and Jobs 
Information Technology News New zero day attack on Internet Explorer
Information Technology News New zero day attack on Internet Explorer | New zero day attack on Internet Explorer |
|
| by Stan Beer | |
| Tuesday, 07 November 2006 | |
      
"We are aware of limited attacks that are attempting to use the reported vulnerability," Microsoft states in a security advisory on its site. "In a Web-based attack scenario, an attacker would have to host a Web site that contains a Web page that is used to exploit this vulnerability. An attacker would have no way to force users to visit a malicious Web site. Instead, an attacker would have to persuade them to visit the Web site, typically by getting them to click a link that takes them to the attacker's Web site. "An attacker who successfully exploited this vulnerability could gain the same user rights as the logged on user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights," the advisory goes on to say." Microsoft advises: "Customers who believe they have been attacked should contact their local FBI office or post their complaint on the Internet Fraud Complaint Center Web site. Customers outside the US should contact the national law enforcement agency in their country." According to security monitoring organization SANS Institute, no patch is yet available. It is not yet known whether Microsoft will have a patch available in time for Patch Tuesday, November 14. {moscomment} |
Tags
| < Next story in category | Previous story in the category > |
|---|
