Internet Explorer Exploit

The security flaw in Internet Explorer has a few folks scrambling. One of the questions going around in my head is, "Does this flaw affect IE browser on computers where the user does not have admin rights to install software?" The reason why is that some districts that restrict end-users from installing anything...well, wouldn't that Active Directory policy restrict the malware, too?

Here's an email, as innocuous as possible, that I adapted from someone else's note to staff:

Please be aware that a security flaw has been found in the Internet Explorer (all versions). This is probably the browser that you may use much of the time. The flaw allows malicious code to steal users passwords, and control their computers.

Avoid using Internet Explorer for online banking at this time. (online banking passwords, are the most desirable target of this exploit)

The flaw in Microsoft's Internet Explorer could allow criminals to take control of people's computers and steal their passwords, internet experts say.

Microsoft urged people to be vigilant while it investigated and prepared an emergency patch to resolve it. . .Other browsers, such as Firefox..., Chrome, Safari, are not vulnerable to the flaw Microsoft has identified.
Source: BBC News 12/16/2008

Microsoft is working on a patch to fix the problem, but currently there is no fix. There are many web sites exploiting this flaw.

For your own personal computers (such as those at home), you are encouraged to follow the advice in the news report above and use an alternate browser, like Firefox.

Additional Links:

• Official Statement from the Dept. of Homeland Security
• Microsoft's Statement
• eWeek - Hackers Compromise Legit Web Site

How would you let your district folks know what is happening?

---

Subscribe to Around the Corner-MGuhlin.net

---

Be sure to visit the ShareMore! Wiki.