Microsoft announced yesterday that they have identified a security hole in Internet Explorer for XP that could allow a cyber-crook to take control of your computer if you visited an infected website. According to reports, hackers are already exploiting this hole by sending spam email with links to infected sites. Vista users are said to be unaffected. Even if you have a virus and spyware protection program, it is not clear if you will be protected form this vulnerability. So, if you have an XP machine, you should follow these steps as soon as possible to protect yourself:
- Run the patch to fix the issue from Microsoft's website
- If you cannot download or install the current version of the patch, there are manual instructions here, but the process involves mucking around in your registry and can cause serious problems if not done correctly.
- Alternatively, you should use an alternative browser such as Mozilla Firefox—which, presumably, is not affected by this issue.
- Finally, don't click on those SPAM links, no matter how enticing they may be!
From Jay on July 07, 2009 :: 3:03 pm
Thanks for posting this. Unfortunately, that “Fix it for me” section on the Microsoft website has two “fix it” buttons right next to each other: one to “Enable Workaround” and one to “Disable Workaround.”
In effect, one “fixes” the security issue, and the other one un-does that fix (un-fixes it?)!!
So, people should click the “Enable Workaround” button to do the security fix.
What this means, more or less, is that the underlying security flaw is not yet going to be fixed by the patch, but the patch is a workaround that blocks makes the security flaw unreachable.
So, it’s important to do the patch now, as an interim measure while waiting for the “real” fix.
Reply