Zero Day
Ryan Naraine and Dancho Danchev
Microsoft offers 'fix-it' workaround for IE zero-day
Summary
Microsoft has released a one-click “fix-it” workaround to help Web surfers block malware attacks against an unpatched Internet Explorer vulnerability.
Ryan Naraine
Prior to joining Kaspersky Lab, Ryan was Editor-at-Large/Security at eWEEK, leading the magazine's and Web site's coverage of Internet and computer security issues and managing the popular SecurityWatch blog, covering the daily threats, vulnerabilities and IT security technologies. He also covered IT security, hacker attacks and secure content management topics for Jupiter Media's internetnetnews.com.
Ryan can be reached at naraine SHIFT 2 gmail.com. For daily updates on Ryan's activities, follow him on Twitter.
Microsoft has released a one-click “fix-it” workaround to help Web surfers block malware attacks against an unpatched vulnerability in its flagship Internet Explorer browser.
The workaround effectively disables the peer factory class in the iepeers.dll binary in affected versions of Internet Explorer.
The workaround, available here, comes on the heels of the public release of exploit code into the freely available Metasploit pen-testing framework.
Microsoft confirmed the availability of exploit code for the issue and again urged users to upgrade to Internet Explorer 8, which is not vulnerable to this issue.
The company urged IE users to test the Fix-It workaround thoroughly before deploying it, as certain functionality that depends on the peer factory class, such as printing from Internet Explorer and the use of web folders, may be affected.
[ SEE: IE zero-day flaw leaks out; Exploit code published ]
Microsoft also confirmed it is considering an out-of-band emergency patch to correct the underlying flaw.
We have seen speculation that Microsoft might release an update for this issue out-of-band. I can tell you that we are working hard to produce an update which is now in testing. This is a critical and time intensive step of the process as the update must be tested against all affected versions of Internet Explorer on all supported versions of Windows. Additionally, each supported language version needs to be tested as well as testing against thousands of third party applications. We never rule out the possibility of an out-of-band update. When the update is ready for broad distribution, we will make that decision based on customer needs.
Malicious hackers are already exploiting the vulnerability to launch targeted attacks. The earliest attacks include the use of a backdoor that allows complete access to a vulnerable machine.
The backdoor allows an attacker to perform various functions on the compromised system, including uploading & downloading files, executing files, and terminating running processes.
ALSO READ:
- The cadence of Microsoft security patches
- Advanced Persistent Threats: Should your panties be in a bunch, and how do you un-bunch them?
- New Microsoft IE zero-day flaw under attack
Ryan Naraine is a journalist and social media enthusiast specializing in Internet and computer security issues.
Talkback: Most Recent of 230 Talkback(s)
Start a new, safe, computing experience with just 'one click'...
That's right Windows Folks.
You are only 'one click' away from beginning a brand new adventure, filled with exciting new technology and everything you need to enjoy a 'safe', FREE computing experience.
So, if you have just reached your threshold level for tolerance of the daily 'yet another zero day Windows exploit' litany, then please let me encourage you to take that step.
Go ahead, click that link directly below and see a new world unfold before you:
((((((((((((( http://www.ubuntu.com )))))))))))))))
Ubuntu Linux 9.10, the safest operating system on the planet.
Dietrich T. Schmitz
GNU/Linux Advocate
DTS Linux Advocate (Edited: 03/15/2010 08:10 AM)
If they're going to upgrade operating systems it makes more sense...
...to upgrade to Windows 7 instead of some completely different operating system. All the security advantages without the loss of compatability.
ye, 03/15/2010 08:15 AM
Is that software compatibility? Or driver compatibility?
Sounds like you're fudging the fact that "Windows" is a brand name, and not an operating system, to me. Different Windows operating systems are not necessarily mutually compatible.
But there's nothing stopping anyone downloading a "Live" Ubuntu or Fedora CD and trying it out first. The old "try before you buy" idea, except without the price tag at the end.
Zogg, 03/15/2010 08:31 AM
LOL! What a stretch.
Sounds like you're fudging the fact that "Windows" is a brand name, and not an operating system, to me.
Given this I don't see any point in addressing anything else you've written. You're desperate.
ye, 03/15/2010 08:37 AM
No surprise there; I accept your surrender
I'm not surprised you've chosen to run away; even you must realize how patently untrue your prior claim is:
"All the security advantages without the loss of compatability(sic)."
So there we have it: Ye claims no loss of compatibility between WinXP and Win7.
Zogg, 03/15/2010 08:44 AM
I'm happy to surrender to you...you're an accomplished idiot.
Congratulations on your achievement.
ye (Edited: 03/15/2010 08:50 AM)
@Zogg: I can understand why you would consider the truth to be an ad hom.
You have to in order to build a case.
As for the title it materially didn't change. You're an idiot as your original post demonstrates.
ye, 03/15/2010 08:58 AM
His point is valid Ye....
...sometimes your obsession with "Windows superiority" really is annoying.
It's a well known fact that not all applications and drives will work with the next version of Windows.
That said, if you have Windows Vista on your system and everything works, it's highly unlikely that you will suffer any compatibility issues migrating to Windows 7.
On the other hand, migrating from XP to Windows 7 is more likely to have compatibility issues if you insist on keeping 10 year old hardware and 10 to 15 year old software packages.
Lastly, your post here indicates that *you* are the desperate one because you CHOOSE to not see the point.
PollyProteus, 03/15/2010 09:49 AM
That didn't happen to me
I had two apps, one very important (Navision Financials) and one not so important (Plextor Video Capture) that refused to run in Vista. Both of them are running in Windows 7, both 32 and 64 bit Versions. I know, anecdotal...
Linux is great, I use it daily, but it can be a real pain.
Many updates break MythTV, which can involve a great deal of effort to un-break.
HP ScanJet still will not work after half a dozen Linux people worked with me for days on it.
Video at random boots up to some ungodly resolution, either 320x240 or sometimes so high that nothing is readable. SSH in, edit xorg.conf and restart X - Why ? The same box runs Windows 98, XP, Vista and 7 (removeable HD) - only happens with Linux.
My personal "compatibility" rant is now done.
Do I like Linux - you betcha
Do I like Windows - you betcha
dev-null, 03/15/2010 10:12 AM
Then tell HP to fix their drivers.
The specs aren't available, you know, so it's not like Linus or someone can just whip up a working Linux version themselves.
AzuMao, 03/15/2010 10:46 AM
I Only Use A Linux Distro Until It Breaks First Time
You are more patient than me.
The first time an important app goes south, or the video dies (as has happened to me) I format the hard disk. Has happened numerous times. Normally one of the many 100+ M updates sends it awhirl.
You get what you pay for, and as Linux costs nothing, it _IS_ worth its price.
PMC-CON, 03/15/2010 04:22 PM
Why are you on ZDNet again, PMC?
It's brought to you by Linux (which is itself free), for free. So according to you it is worth 0 divided by 2.
AzuMao, 03/15/2010 05:30 PM
Not to defend Ye; don't need to but...
The point is he did not say there may be compatibility problems with 10 - 15 year old systems. If he had, no one would have challenged his assumption. Now, that is the point!
windozefreak, 03/15/2010 01:07 PM
This is implicit.
It's a well known fact that not all applications and drives will work with the next version of Windows.
Man, have to spell every little detail out for the ABMers. Sad.
ye, 03/15/2010 02:44 PM
Or more accurately, you overgeneralized and were called on it.
And then your bruised ego made you childish.
Next time, please just stick to the points being made instead.
Zogg (Edited: 03/15/2010 05:54 PM)