People worldwide will be pulling their hair out if they become victim of the latest security flaw in Internet Explorer.  The security flaw affects all versions of Internet Explorer from IE5 to the latest release IE7.  It is being used to steal saved passwords of Internet Explorer.  This attack on your browser is called Zero-Day Attacks.  There are well over 10,000 websites with infected code that take advantage of this major loophole.  Protect your self now by making sure you have automatic updates enabled or run a Windows Update through your start menu.

This new flaw in Internet Explorer was discovered on Dec 16 2008.  Many people were recommending a switch to a different browser until updates were released.  A patch was sent out through windows update today Dec 19, 2008.  If you have automatic updates enabled your computer probably already downloaded the update or will download it tonight(3AM Is The Default Time For Automatic Updates)  To be sure you are protected from this major flaw in IE, I recommend that you run a manual update to make sure you have the latest patch to protect yourself from a Zero-Day Attack.

When the flaw first surfaced a few days ago Microsoft had the nerve to tell users that they cannot recommend users to switch browsers because of this one flaw.  This shows you how much they really care about the end user.  They don't want you to try other browsers when some of them may end up being more appealing to you, causing you to quit using IE.  Microsoft gave a work around to the flaw, but I have seen people saying that it didn't fix it.  This was just another method they used to keep the trust of IE users, even though the work around did not work.

This major Internet Explorer flaw couldn't have hit at a worse time.  With the busy season of Christmas people are scouring the internet for gifts and ideas.  Many of them could have been hit by a hacker and not even known it.  For many people it may not mean much, but for people that have logins and passwords saved for online banking, pay-pal and google checkout etc. this could cripple them.  For website owners it could enable hackers to take control of their domain names and servers resulting in even more passwords being stolen.  It also enables spammers to gain control of online email accounts to send out spam causing your email address to get blacklisted.

This is a perfect example of why it is always important to keep windows updated at all times.  But some of Microsoft’s updates like service packs are better if the update has some age to it.  For instance Service Pack 3 for Windows XP was released at the beginning of the year.  Users that downloaded the update early ended up having problems with their computer.  I was one of these people, but I was quick to resolve my problem with a little program that someone created that prepared Windows XP for the new Service Pack.  Every computer is different, some took it with out a single glitch and others caught the flu making their computer run like it was hit by a virus.

By looking at the security bulletin it seems that they created a patch a day after the flaw surfaced and made updates to that patch another day later.  So, there may be more fixes to this patch into the near future.

Microsoft Security Bulletin MS08-078 - Critical

Explanation of Zero-Day Attacks