Incidents

Another Internet Explorer flaw

It has been a rough year for Microsoft. And for the users who haven’t yet switched to XP, or upgraded using SP2. Almost every month brought a new vulnerability in some version of IE. There were notably fewer in XP+SP2 than in other combinations. For those still using some flavour of 9X, NT or 2000, the wait for a patch has been a long, painful one.

The patch for the infamous IFRAME buffer overflow was posted on December 1st, 2004, almost one month after it was reported, in the form of the MS04-040 security update.

Today, exactly one week after MS04-040, Secunia Research has announced yet another vulnerability in IE, affecting IE 5, 5.5 and 6, on various operating systems, XP+SP2 included. In their own words: “Secunia Research has reported a vulnerability in Microsoft Internet Explorer, which can be exploited by malicious people to spoof the content of websites.”

Luckily, this vulnerability is not a critical one. But it will be no doubt a nice addition to scammers bag of tricks, trying to lure you into filling out online forms on fake sites which claim to be eBay.com or your e-banking interface.

Because it’s not a critical vulnerability, it means we probably won’t be seeing an epidemic based on this flaw, but beware of scam and phishing e-mails relying on this trick. Moreover, because this is not just an IE vulnerability, many other browsers are affected as well, increasing the potential for abuse.

You can see all vulnerability advisories on the https://threats.kaspersky.com/en/.

Another Internet Explorer flaw

Your email address will not be published. Required fields are marked *

 

Reports

APT trends report Q3 2021

The APT trends reports are based on our threat intelligence research and provide a representative snapshot of what we have discussed in greater detail in our private APT reports. This is our latest installment, focusing on activities that we observed during Q3 2021.

Lyceum group reborn

According to older public researches, Lyceum conducted operations against organizations in the energy and telecommunications sectors across the Middle East. In 2021, we have been able to identify a new cluster of the group’s activity, focused on two entities in Tunisia.

Subscribe to our weekly e-mails

The hottest research right in your inbox