Security - Channel Insider
Empowering the next generation Channel
 

Sponsored Links
  • Get up and running in as quickly as 30 days with BI. Learn how today.
  • FREE Securing Smartphones & Tablets for Dummies Book from Sophos
  • 5 New Technologies That Will Change Enterprise ITAdvertisement
  • Build an IT Infrastructure That Delivers the Future

    		•  

    New Exploit Targets Older Versions of Internet Explorer

    in Security



    DATE: 2009-11-23 | By Lawrence Walsh
    Article Rating:starstarstarstarstar / 0
    Article Views: 2357

    Symantec is reporting that a new CSS vulnerability is leaving users of Internet Explorer 6 and 7 vulnerable to malware infection via malicious and compromised Web sites. A patch isn’t available, and antivirus vendors are working on new detection signatures.

    Rate This Article:
    Poor Best
    Add This Article To:

    Symantec is reporting that older versions of Microsoft Internet Explorer are susceptible to a new attack against a vulnerability in its cascading style sheets (CSS). While a working exploit hasn’t been detected, Symantec suspects that it’s only a matter of time before hackers start actively using this new vulnerability with a full-functioning exploit.
     
    According to Symantec, the CSS vulnerability affects versions 6 and 7 of the Microsoft browser. Exploits currently detected are unreliable, meaning that they don’t always work. However, when a working, full-functioning exploit is produced, Symantec says hackers will be able to inject malicious code into Web sites and stealthily infect PCs.

    Symantec says malicious code attacking the vulnerability are detected with the current Bloodhound.Exploit.129 antivirus signature, as well as the HTTP Microsoft IE Generic Heap Spray BO and HTTP Malicious Javascript Heap Spray BO IPS signatures. Since these signatures aren’t fully reliable, Symantec is working on a new set of signatures specifically for this vulnerability.

    Until Microsoft releases a patch for the CSS vulnerability, Symantec advises PC users to update antivirus signatures, disable JavaScript and only visit trustworthy Web sites.




    comments dic


     
     
    >>> More Security Articles          >>> More By Lawrence Walsh
     



    		 


    Related Content

    Articles Labs/How-To Multimedia

    channel chatter


    HTML PLAIN TEXT

    Keep on top of news for VARs and Resellers with CI's Weekly Newsletter and Alerts.


    [ci] feeds
    XML
    Add Channel News, Product Reviews, Trends and Analysis to your RSS newsreader or My Yahoo!

     

    CHANNEL SPONSORED RESOURCE CENTER
     
     
     
    Start the New Year with business intelligence—it’s a smart move
    Join us on February 1 for an encore rebroadcast at either 5 am or 12 noon EST and discover how business intelligence (BI) supports companies in uncertain business and economic climates. Get expert advice on how to create a strategy that fits your organization's needs and budget and see how quickly it can pay for itself.
    Click Here
     
    Security and Availability Essentials for Running Your Business in the Cloud
    Are you moving to the cloud? Find out what every IT professional should know about security and availability before moving to the cloud. Hear what a security provider’s own CSO has to say.
    Watch Video
    A new algorithm automatically identifies relationships between variables to help reduce researcher prejudice.
    Click HereAdvertisement