Emergency Microsoft Security Warning

***Cairenn*** · 12-18-08, 01:06 AM

According to Microsoft, there is a major hole in Internet Explorer (versions 5.01, 6, 6 SP1, and 7) which can potentially be used to install keyloggers on your system. News reports indicate that this exploit is primarily being used to steal World of Warcraft passwords. We strongly recommend everyone IMMEDIATELY update their version of Windows (a regular Windows Update should do it) to resolve this issue.

Relevant Links

***Cairenn*** · 12-18-08, 01:06 AM

Please note: I don't want to see this thread devolving into Microsoft/Internet Explorer bashing. There is no need to say "get a Mac instead". Nor "just use Firefox, then you won't have to worry." None of that, please and thank you very kindly. This thread is to warn users about a significant security issue, not flame bait. Behave. You've been warned.

Petrah · 12-18-08, 07:57 AM

There was a security update in Firefox 3.5 as well, so they're not immune!

Edit: A good site for keeping up to date on severe security issues: United States Computer Emergency Readiness Team

Psoewish · 12-18-08, 08:48 AM

Pff you should all get a Mac with Firefox!

Heh sorry, I just had to say that :P

Anyway, I read some info about this when it just got known, and didn't know at the time it could be used to install wow keyloggers yet. That's pretty bad. Microsoft seems to have come up with a hotfix fast though, so it's all good now as long as you update asap.

PerfectH · 12-19-08, 11:14 PM

Thanks for the heads-up, Cairenn!

<3

Aesir · 12-21-08, 10:33 AM

Originally Posted by Silenia

There was a security update in Firefox 3.5 as well, so they're not immune!

While it's true that Firefox has security risks, the Firefox 3.05 update was a scheduled update. The update wasn't related to the MS Security Bulletin or the exploit referred to therein.

This defines the set of changes relating to security released in the 3.05 update:
http://www.mozilla.org/security/know...l#firefox3.0.5
These are other features/fixes added:
http://www.mozilla.com/en-US/firefox.../releasenotes/

On a related note, it wasn't immediately clear in the main text of the MS bulletin, or in most reports (including Cairenn's post here) but IE8 beta was also impacted, and a patch was pushed by MS the same day for IE8 beta. The statement on impact for IE8 beta2 was cleverly hidden in the bulletin's expanding FAQ section.

Is the Windows Internet Explorer 8 Beta 2 release affected by this vulnerability?
Yes. This vulnerability was reported after the release of Windows Internet Explorer 8 Beta 2. Customers running Windows Internet Explorer 8 Beta 2 are encouraged to download and apply the update to their systems.

**Shirik** · 12-21-08, 05:38 PM

Okay there have been too many nonconstructive posts here; this thread is now locked.

This site is not intended to be a "bash Microsoft" site, it is a site for promotion of an open community for World of Warcraft addons. The warning here is of immediate concern to this community, so it was posted. The additional comments, however, were unnecessary.

Thanks,
-- Shirik