Think twice about IE
p2pnet.net News:- Use a different web browser.
This stark suggestion comes in a US Computer Emergency Readiness Team (US CERT) warning as one of the ways people can protect themselves from the latest ‘extremely critical’ Microsoft Internet Explorer security holes, found last week.
US CERT Vulnerability Note VU#713878 states:
“Microsoft Internet Explorer (IE) does not adequately validate the security context of a frame that has been redirected by a web server. An attacker could exploit this vulnerability to evaluate script in different security domains. By causing script to be evaluated in the Local Machine Zone, the attacker could execute arbitrary code with the privileges of the user running IE.”
“Customers who have deployed Windows XP Service Pack 2 RC2 are not at risk,” promises Microsoft.
“Reports indicate that Web servers running Windows 2000 Server and IIS that have not applied update 835732, which was addressed by Microsoft Security Bulletin MS04-011, are possibly being compromised and being used to attempt to infect users of Internet Explorer with malicious code.”
Having to patch security problems, many of them ‘critical,’ is now a standard part of the IE experience, and ‘use another browser’ is probably good advice, although, as the US CERT warning points out:
“There are a number of significant vulnerabilities in technologies relating to the IE domain/zone security model, the DHTML object model, MIME type determination, and ActiveX. It is possible to reduce exposure to these vulnerabilities by using a different web browser, especially when browsing untrusted sites. Such a decision may, however, reduce the functionality of sites that require IE-specific features such as DHTML, VBScript, and ActiveX. Note that using a different web browser will not remove IE from a Windows system, and other programs may invoke IE, the WebBrowser ActiveX control, or the HTML rendering engine (MSHTML).”




