Mark 'Starbuck' may have told some of you already, but there has been a scare regarding the security of Windows Internet Explorer, following the Microsoft's public release of several bulletins to the media around the world. So I've done a little searching, especially after last nights Windows Update...
On December 4th, Microsoft released a shocking statement, describing how the Internet Explorer they built into the Windows operating system had become vulnerable to attackers, and went on to suggest the use of Firefox instead. Instead of being the usual trouble with downloading virus' and such via the viewing of illegal or compromised websites, the "vulnerability" actually presented attackers with the ability target your IP address and access your computer, if both the attacker and yourselves were using Windows Internet Explorer at the same time. By accessing your system in this manner, they were granted full user rights by your Windows operating system, allowing them to copy, modify or delete data. They were also able to install virus' on your computer as if they were software, which would then be backed up by Windows built in System Restore service.
However, the greater concern was the attackers full user rights and ability to copy, also enabling them to read your Credit Card details. Unlike the usual issues of the past, Credit Card details wasn't being read and copied upon use. In your Internet Options window, you're able to delete temporary files, history, cookies, passwords, and web form information. As with any Internet Explorer, all Credit Card details are added to your web form information folders. The attacker being able to access your system and gain full user rights, enabled them to access those folders and view that information stored on your hard drive. That said, the Windows Internet Explorer was the only one to have this vulnerability, purely because it's tied into the Windows operating systems. Microsoft has continued to assure everyone, that Windows operators who have customized their user accounts to have limited user rights, would be less affected by these issues.
On December 17th, Microsoft released two webcasts and further information describing these attacks, a critical update to fix the problem, which your operating system should automatically download when your online. While registration to the Windows official website is necessary to view these webcasts and more detailed information, they are to be more publicly disclosed in the future.
While this was a critical issue, and Microsoft accepted nobody was safe in prior weeks, I'd just like to add that you or I were just as likely to be affected by this as ever before... which isn't very. Microsoft were able to identify the issues, but there is no information to indicate that such attacks had taken place. If they did in fact happen, there would only be a handful of people who would commit these attacks, and they'd far more likely attack businesses with more money, instead of the average user. So, worry if you like... but I personally believe there never was any need for concern, especially given Microsoft's quick acknowledgment and response to the threat. |
LANDWARRIOR
WN| WARRIORS NETWORK
COMMANDER |
|