微軟的IE被抓到嚴重安全漏洞, 從ie6~ie11都存在該漏洞,
這個漏洞能讓駭客控制使用者電腦取得私人資料.
漏洞的詳情為了安全考量並沒有公開. 但已經有
駭客集團利用該漏洞攻擊國防與金融企業.
微軟目前只計畫針對ie9~ie11提出修補,
而且對xp的使用者不提供更新修補漏洞.
更新前建議不要使用ie.
詳情可參考 http://ppt.cc/DKGv
原文(恕無能翻譯):
Microsoft Corp is rushing to fix a bug in its widely used
Internet Explorer web browser after a computer security
firm disclosed the flaw over the weekend, saying hackers
have already exploited it in attacks on some U.S. companies.
Microsoft disclosed on Saturday its plans to fix the bug,
which targets Internet Explorer versions 9 through 11.
Those versions take up 26.25 percent of the browser market,
according to FireEye, the cybersecurity software company
that caught the bug.
The bug, however, reportedly affects versions 6 through 11.
Together, those versions dominate desktop browsing, accounting
for 55 percent of the PC browser market, according to tech
research firm NetMarketShare.
Microsoft is rushing to fix a bug in its widely used
Internet Explorer web browser after a computer security firm
disclosed the flaw over the weekend
PCs running Windows XP will not receive any updates fixing that
bug when they are released, however, because Microsoft stopped
supporting the 13-year-old operating system earlier this month.
Security firms estimate that between 15 and 25 percent of the
world's PCs still run Windows XP.
FireEye Inc said that a sophisticated group of hackers have been
exploiting the bug in a campaign dubbed 'Operation Clandestine Fox.'
FireEye, whose Mandiant division helps companies respond to cyber
attacks, declined to name specific victims or identify the group
of hackers, saying that an investigation into the matter is still
active. It described the hackers as 'extremely proficient at lateral
movement' and 'difficult to track.'
'It's a campaign of targeted attacks seemingly against U.S.-based
firms, currently tied to defense and financial sectors,' FireEye
spokesman Vitor De Souza said via email. 'It's unclear what the
motives of this attack group are, at this point. It appears to be
broad-spectrum intel gathering.'
He declined to elaborate, though he said one way to protect against
them would be to switch to another browser.
The bug reportedly affects versions 6 through 11 of Internet Explorer
Microsoft said in the advisory that the vulnerability could allow
a hacker to take complete control of an affected system, then do things
such as viewing changing, or deleting data, installing malicious
programs, or creating accounts that would give hackers full user rights.
FireEye and Microsoft have not provided much information about the
security flaw or the approach that hackers could use to figure out how
to exploit it, said Aviv Raff, chief technology officer of cybersecurity
firm Seculert.
Yet other groups of hackers are now racing to learn more about it so
they can launch similar attacks before Microsoft prepares a security
update, Raff said.
'Microsoft should move fast,' he said. 'This will snowball.'
Still, he cautioned that Windows XP users will not benefit from that
update since Microsoft has just halted support for that product.
The software maker said in a statement to Reuters that it advises
Windows XP users to upgrade to one of two most recently versions of
its operating system, Windows 7 or 8.