Just got a email from for MS TechNet partners. Just thought I'd pass it on...
... [bold]The facts to date: . There have been a very limited number of targeted attacks against a small number of corporations. . Attacks seen to date are only effective against Internet Explorer 6. . Attacks are NOT widespread. . Thus far we are NOT seeing attacks focused on consumers. [/bold] That said, we remain vigilant, and want to be sure our customers and partners take appropriate action to protect themselves. [bold]We strongly recommend those using Internet Explorer 6 or Internet Explorer 7 upgrade to Internet Explorer 8 as soon as possible to benefit from the improved security protections it offers.[/bold] IE8 can be downloaded here. [bold]We also recommend those using Windows XP SP2 upgrade to Windows XP SP3.[/bold] It is important to note that all software has vulnerabilities and switching browsers in an attempt to protect against this one, highly publicised, but currently limited attack can inadvertently create a false sense of security. Moreover, IE8 has built-in security features, such as the SmartScreen filter, that other browsers do not have. [bold]These features protect against real threats to consumers[/bold], such as socially engineered malware and phishing attacks. On Fri, Jan 22, 2010 at 9:00 AM, John Bird <[email protected]> wrote: > Some more background about IE security holes. > > -Symantec report several hundred sites now have variants of the IE attack > installed. Some are well known dynamic DNS sites. This add urgency to > installing updates. > > -The link below reports Microsoft knew of this exploit 3 months ago - (but > had not fixed it). The link at MS however is either invalid or has been > taken down so this admission is no longer on MS site. > > http://www.computerworld.com/s/article/9147058/Microsoft_patches_IE_admits_it_knew_of_bug_last_August > > http://blogs.technet.com/msrc/archive/2010/01/21/bulletin-ms10-002-released.aspx > > This is why I like Firefox's record of known breaches being fixed usually > within a day or two. > > -There is debate about vulnerability of IE7 and IE8, in theory they are > vulnerable, as MS advisory says, but known breaches so far involved IE6. > > http://www.theregister.co.uk/2010/01/21/ie_emergency_patch_released/ > > John > > > _______________________________________________ > NZ Borland Developers Group - Delphi mailing list > Post: [email protected] > Admin: http://delphi.org.nz/mailman/listinfo/delphi > Unsubscribe: send an email to [email protected] with Subject: > unsubscribe > _______________________________________________ NZ Borland Developers Group - Delphi mailing list Post: [email protected] Admin: http://delphi.org.nz/mailman/listinfo/delphi Unsubscribe: send an email to [email protected] with Subject: unsubscribe
