Attack Code Targets New IE Hole
For those of you who still use Internet Explorer to browse the Web, you should know that attack code exploiting an unpatched IE flaw has been released on publicly accessible websites last week. When integrated into a specially crafted web page, the malicious code in question allows an attacker to gain control of any PC that is unfortunate enough to have browsed the rogue page.
Fully-patched Windows XP SP2 and Windows 2000 SP4 systems are open to the new attack, said David Cole, director of Symantec's security response group. "This is proof-of-concept code, we haven't seen any active exploits," said Cole. "Whether it grows into something bigger is heavily linked to if it gets remote code execution [capabilities]," he added.
Since Microsoft hasn't released a patch to fix this flaw yet, here are 2 simple tricks you can use to protect yourself:
- Disable ActiveX controls in Tools-Internet Options.
- Use Firefox