Internet Explorer’s Zero Day Vulnerability

Recent tech news reports have been buzzing about a new zero-day vulnerability in the Internet Explorer (IE) browser. While this is not strictly a spam or email issue we thought it was worth mentioning because this attack vector can ultimately be used to seize control of exposed machines and turn them into zombies in some spammer’s botnet.

According to Microsoft’s Security Research and Defense blog this issue currently only affects IE6. However, some internet security experts have expressed concerns about IE7 and IE8 since they too are potentially exploitable.

Microsoft is using the occasion to urge users to upgrade to IE8 which they claim is the most secure browser available. While this claim is debatable, IE8 is arguably the most secure browser available from Microsoft. Meanwhile, both Germany and France are recommending that computer users move away from Internet Explorer.

It is worth noting that IE has a long history of security problems of which this is just the most recent manifestation. This is partly due to the fact that IE is the most widely used browser (and therefore the most frequently attacked) and partly due to Microsoft’s apparent need to sell software “before its time”. Microsoft has announced a special out of band (as in not on Patch Tuesday) security update which should be released Thursday and is supposed to fix the problem. If you intend to stay with IE you should definitely install this patch.

It has been pointed out, correctly, that this issue just is a symptom of the overall lack of security on the Internet and that switching browsers is not a solution. While it is true that moving away from Internet Explorer does not solve the problem (if enough people move to Firefox it will become the new target of opportunity for malware) there are two good reasons to do so at this time:

  1. Vote with your downloads. Microsoft has been consistently complacent about their browser dominance ever since they displaced Netscape Navigator (NN) as the browser of choice. A mass exodus from their product might cause them to improve it.
  2. Since Internet Explorer has been a consistent security problem since the before the aforementioned displacement of NN, abandoning IE has made sense for a long time and continues to be an appropriate security measure. Changing browsers is not a complete security solution but ditching IE doesn’t hurt.

With that in mind, we recommend leaving Microsoft behind where browsers are concerned and moving to Firefox or Opera.

Firefox is particularly good at flagging sites containing malware and providing warnings in search results which goes a long way toward protecting against browser based exploits.

Opera has always been the most efficient and standards compliant browser available and because it has never gained a significant market share it is a much smaller target than both IE and Firefox.

Finally, since the bait for many browser exploits comes in the form of links in spam messages we strongly recommend using a good spam filtering product like ours (hey, it really does help). If you choose to deal with spam the hard way or if your spam filtering product allows a lot of spam through, please use common sense and don’t click on links in spam emails.

More Information

PC World Article

Microsoft Security Advisory

- -

OnlyMyEmail is an award winning hosted spam filtering service and business email hosting provider. Our enterprise cloud computing anti-spam solution, the MX-Defender, has the highest capture rate of any spam filter ever tested in the VBSpam Challenge, blocking a record setting 99.9993% of all malicious and junk email.

Our Personal spam filtering system is also a Software as a Service (SaaS) solution and has won both the PC World "World Class Award" and also the PC Magazine "Editor's Choice Award."

OME-Kids is a webmail solution that protects children from spam and other harmful emails. OME-Kids offers unique Parental Controls that allow you to choose the level of security and oversight that's right for your child.

Tags: , , , ,

Comments are closed.