Major new IE vulnerability: all MMO players read!

[Windzarko]

The flaw in Microsoft's Internet Explorer could allow criminals to take control of people's computers and steal their passwords, internet experts say.

Microsoft urged people to be vigilant while it investigated and prepared an emergency patch to resolve it. Internet Explorer is used by the vast majority of the world's computer users.

"Microsoft is continuing its investigation of public reports of attacks against a new vulnerability in Internet Explorer," said the firm in a security advisory alert about the flaw.

Microsoft says it has detected attacks against IE 7.0 but said the "underlying vulnerability" was present in all versions of the browser. Other browsers, such as Firefox, Opera, Chrome, Safari, are not vulnerable to the flaw Microsoft has identified.

Browser bait
"In this case, hackers found the hole before Microsoft did," said Rick Ferguson, senior security advisor at Trend Micro. "This is never a good thing."

As many as 10,000 websites have been compromised since the vulnerability was discovered, he said.

"What we've seen from the exploit so far is it stealing game passwords, but it's inevitable that it will be adapted by criminals," he said. "It's just a question of modifying the payload the trojan installs."

"The message needs to get out that this malicious code can be planted on any web site, so simple careful browsing isn't enough."

That's quoted from bbc.co.uk, and has appeared on many other websites besides. It's a major risk to anyone playing online games that require a login, and could very quickly become even more ugly.

Long story short: get the update if you absolutely have to use IE, but to be honest, get Firefox or another browser. You'll never be 100% safe, but a non-Microsoft browser is your best bet.

If you're very concerned about security, my personal recommendation is Firefox with the add-ons "AdBlock Plus", "Flashblock", "AdBlock Filterset.G Updater", and perhaps "noScript". In addition, the program "Spybot Search & Destroy" with the TeaTimer module active. This is the setup I use and I've never had any security issues.

 

[thatbloke]

A patch for this vulnerability was released yesterday and is available through Windows Update.

 

[Windzarko]

I know, I quoted it and said as much as well

But to be honest, I consider this further proof that IE isn't to be trusted as your primary browser and sufficient reason to use one that isn't... you know... crap.