900m IE用户面临被黑的风险

viviancn

http://www.theage.com.au/technol ... 20110201-1abmd.html

我没找到那个temporaty fix的连接，不知道哪里可以下载这个补丁安装？Windows Update没那么快出来。找到的tz麻烦分享下，加分答谢。

Microsoft has warned that the 900 million users of its Internet Explorer browser are at risk of having their computers hijacked and their personal information stolen by hackers.

The company has yet to develop a permanent fix for the security hole but users are being told to apply a temporary fix that prevents hackers from exploiting a hole to install malicious scripts. Users could be targeted simply by visiting an infected website.

In a security bulletin, Microsoft said the flaw affected all versions of Windows and, although it had yet to encounter "indications of active exploitation of the vulnerability", the flaw was serious and it was aware of proof-of-concept code exploiting the issue.

Advertisement: Story continues below "The main impact of the vulnerability is unintended information disclosure," said Microsoft's Angela Gunn in an accompanying blog post.

"For instance, an attacker could construct an HTML link designed to trigger a malicious script and somehow convince the targeted user to click it. When the user clicked that link, the malicious script would run on the user's computer for the rest of the current Internet Explorer session.

"Such a script might collect user information (eg., email), spoof content displayed in the browser, or otherwise interfere with the user's experience."

Microsoft added that the flaw, in addition to disclosing user information, could result in the user's machine being taken over, allowing hackers to "take any action that the user could take on the affected website on behalf of the targeted user".

Microsoft said it was working on a security update to patch the flaw but in the meantime users should install the temporary fix. Users are only protected if they find and install the patch themselves as Microsoft has yet to deliver an automatic update.

Users of other browsers such as Google Chrome and Firefox are not affected.

Michael Sentonas, chief technology officer for security software maker McAfee, said in a phone interview that he believed hackers would exploit the hole "very quickly".

"As of late last week there was a proof-of-concept available in the wild which showed how this exploit code could work," he said.

"When that does happen typically you will find exploits in the wild very quickly after that so we're obviously monitoring that very closely to make sure that people are protected."

According to analytics firm Net Applications, Internet Explorer is still the most-used web browser with a 57 per cent market share, following by Firefox (23 per cent), Google Chrome (10 per cent) and Safari (6 per cent).

highlight

还好PC上只用Firefox

viviancn

都不用IE?