Unpatchable flaws made public

Secunia, a leading provider of IT-security services, announced on Friday that they'd raised the current security rating for IE to "extremely critical". Although some of the flaws have been known for a while (since October!), Microsoft haven't made any patch(es) available. Even a fully updated Windows with SP2 is vulnerable.

The security rating was raised because code examples showing how to exploit the flaws have surfaced on the web. The flaws make it possible to execute commands or even install code. What's really scary is that the exploit doesn't require any user interaction beyond visiting a maliciously designed web-page.

A malicious web-site could basically use these flaws to do whatever it wants, installing dialers, spyware and other malware onto a visitor's computer without their knowledge or interaction. If you don't believe me, check out this demonstration that Secunia have made available; it clearly shows how this can be exploited.

Thomas Kristensen, chief technology officer at Secunia, said to News.com that:

In order for us to rate a vulnerability as extremely critical, there has to be a working exploit out there and one that doesn't require user interaction. This is our highest rating and is the last warning for users to fix their systems.

Secunia's suggestion for a resolution is quite clear:

Solution: Use another product

I very much agree with Secunia's suggestion; if you haven't already made the switch, it's time to start exploring your options. Personally, I recommend that you give Opera a spin, as it might just be the best browser ever made and it's becoming even better.

