Unpatched Microsoft Internet Explorer vulnerability being actively exploited

As many of you who follow the security scene will know, Microsoft released an advisory about a zero-day vulnerability in the Internet Explorer web browser a couple of days ago.

Sophos published its own analysis of the severity of the vulnerability that I would recommend you read if you haven't already done so.

The bad news is that there isn't an official fix for this vulnerability from Microsoft yet, and we are seeing real in-the-wild instances of websites being struck by SQL injection attacks that then serve up the exploit.

Fraser Howard goes into greater detail about this problem on the SophosLabs blog, explaining how the analysts in our research labs have developed protection against the current wave of attacks and how we have prepared proactive defences against what may crop up in the future too.

The latest Sophos Security Threat Report discussed the rising tide of SQL injection attacks and the threat posed by hacked websites (there have been three times more infected webpages discovered during 2008 than in 2007, with one new victim found every 4.5 seconds).

If you haven't yet managed to convince your bosses of the need for comprehensive protection against web-borne threats, maybe now is the time to do it.

About the author

Graham Cluley is senior technology consultant at Sophos. The readers of Computer Weekly voted him security blogger of the year in 2009 and 2010, and he pipped Stephen Fry to the title of "Twitter user of the year" too. Which was nice. He was also named "Best Security Blogger" by the readers of SC Magazine in 2011. You can subscribe to Graham's updates on Facebook, follow him on Twitter and circle him on Google Plus for regular updates.