Chippiewill
11-01-2013, 08:49 PM
This is an old article but it's still very relevant:
Update your browser! On Saturday, Microsoft posted a security advisory that warns that Internet Explorer 6, 7, and 8 are vulnerable to a remote code execution bug. It even notes that an attempt to exploit this bug in IE 8 has already been found in the wild. Luckily, IE 9 and 10 are not affected. If you can update, do so immediately.
Microsoft explains that in its default state, Internet Explorer running on Windows Server 2003, Windows Server 2008, and Windows Server 2008 R2 isn’t vulnerable. Microsoft Outlook, Microsoft Outlook Express, and Windows Mail also don’t appear to be affected, thanks to their increased restriction of JavaScript and ActiveX. If you can’t update to IE 9 or 10 for technical or business reasons, switching to Firefox or Chrome for general surfing will keep you safe from this specific vulnerability.
http://www.extremetech.com/internet/144503-critical-zero-day-exploit-in-ie-6-7-and-8-allows-complete-takeover
Now, we've just had Microsoft's patch Tuesday, however Microsoft did not manage to formulate a fix for this in time to pass the various checks to go out in the update. Hackers now knowing they've got a month to exploit this (Unless MS do an out of cycle patch) are likely to exploit this heavily, if you're running XP avoid using IE entirely if possible and on Vista/Seven if you haven't updated to IE9 yet then you should.
Update your browser! On Saturday, Microsoft posted a security advisory that warns that Internet Explorer 6, 7, and 8 are vulnerable to a remote code execution bug. It even notes that an attempt to exploit this bug in IE 8 has already been found in the wild. Luckily, IE 9 and 10 are not affected. If you can update, do so immediately.
Microsoft explains that in its default state, Internet Explorer running on Windows Server 2003, Windows Server 2008, and Windows Server 2008 R2 isn’t vulnerable. Microsoft Outlook, Microsoft Outlook Express, and Windows Mail also don’t appear to be affected, thanks to their increased restriction of JavaScript and ActiveX. If you can’t update to IE 9 or 10 for technical or business reasons, switching to Firefox or Chrome for general surfing will keep you safe from this specific vulnerability.
http://www.extremetech.com/internet/144503-critical-zero-day-exploit-in-ie-6-7-and-8-allows-complete-takeover
Now, we've just had Microsoft's patch Tuesday, however Microsoft did not manage to formulate a fix for this in time to pass the various checks to go out in the update. Hackers now knowing they've got a month to exploit this (Unless MS do an out of cycle patch) are likely to exploit this heavily, if you're running XP avoid using IE entirely if possible and on Vista/Seven if you haven't updated to IE9 yet then you should.