A use-after-free vulnerability has been reported in Internet Explorer, which could allow a remote attacker to execute arbitrary code on a targeted system. Experts have advised users to opt for alternate browsers like Firefox and Google Chrome.
Microsoft has found a security flaw in its popular web browser, Internet Explorer, which could allow hackers to gain control of a computer, and there have already been targeted attacks to exploit the bug. This has prompted government security response teams from various countries, including India, to urge Windows users to consider Chrome or Firefox as their default browser until Microsoft fixes the flaw.
Computer emergency response teams (CERTs) in the US, UK, Sweden and India have advised Internet Explorer users to consider using other browsers.
The flaw could allow hackers to gain control of a victim’s computer, and Microsoft admitted there had already been “limited, targeted attacks” to exploit it. Microsoft said the bug affects Internet Explorer (IE) versions 6 to 11 and that the firm is investigating the flaw and will take “appropriate” steps.
According to CERT-IN, this vulnerability exists in the way that Internet Explorer accesses an object in memory that has been deleted or has not been properly allocated. "A remote attacker could exploit this vulnerability by hosting a specially crafted website and then convincing users to view the website. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the targeted system," it said in an advisory.
The US software giant, which issued a security advisory over the weekend, said the steps “may include providing a solution through our monthly security update release process, or an out-of-cycle security update, depending on customer needs".
The issue may be of special concern to people still using the Windows XP operating system because Microsoft ended its official support for that system earlier this month.
“The vulnerability crashes Internet Explorer on Windows XP,” said cyber security firm Symantec, which carried out tests to confirm the risk.
According to Microsoft, hackers looking to exploit the flaw could host a “specially crafted website” containing content that can help them do so, the report said.
They could trap users into clicking on a link sent via an email or instant messenger, or into opening an attachment sent through an email.
In case they are successful, hackers could gain the same rights as the computer’s current user.
“If the current user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system,” Microsoft warned.
“An attacker could then install programmes; view, change, or delete data; or create new accounts with full user rights,” the firm said.
The IE versions account for more than 50% of the global browser market, according to NetMarket Share.
• Configure Enhanced Mitigation Experience Toolkit 4.1/5.0 for IE.
• Disable the Flash plug-in in IE.
• Set Internet and Local intranet security zone settings to "High" to block ActiveX Controls and Active Scripting in these zones.
• Configure Internet Explorer to prompt before running Active Scripting or to disable Active Scripting in the Internet and Local intranet security zone.
• Enable Enhanced Protected Mode for Internet Explorer 11 and enable 64-bit Processes for Enhanced Protected Mode.
• Unregister VGX.DLL (re-register vgx.dll once an update is available).
• Restrict access to VGX.DLL by modifying the ACL (revert to the previous ACL configuration once an update is available).
• Avoid clicking links in email messages.
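A read-only way to check two of the workarounds listed above on a workstation, as an added example that is not from the article, CERT-In or Microsoft. It assumes PowerShell 3.0 or later, that Active Scripting is zone action 1400 under the per-user Zones registry key (0 enabled, 1 prompt, 3 disabled), and that VGX.DLL sits in its default Common Files location; settings enforced through Group Policy are not read.

```powershell
# Added example: read-only audit of two workarounds from the list above.
# Assumptions: per-user zone settings under HKCU, action 1400 = Active Scripting,
# VGX.DLL at its default path. Nothing is modified.
$zones   = @{ 1 = 'Local intranet'; 3 = 'Internet' }
$meaning = @{ 0 = 'Enabled'; 1 = 'Prompt'; 3 = 'Disabled' }
$base    = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones'

$report = @()

# Active Scripting in the Internet and Local intranet zones
foreach ($id in ($zones.Keys | Sort-Object)) {
    $prop  = Get-ItemProperty -Path "$base\$id" -Name '1400' -ErrorAction SilentlyContinue
    $value = if ($prop) { $prop.'1400' } else { $null }
    if ($null -eq $value) {
        $state = 'Not set'
    } elseif ($meaning.ContainsKey([int]$value)) {
        $state = $meaning[[int]$value]
    } else {
        $state = "Unknown ($value)"
    }
    $report += [pscustomobject]@{
        Check     = "Active Scripting, $($zones[$id]) zone"
        State     = $state
        Mitigated = @('Prompt', 'Disabled') -contains $state
    }
}

# VGX.DLL access restriction: any Deny entry is treated as evidence that the
# ACL was tightened (an assumption; the list above does not give the exact ACL).
$roots = @($env:CommonProgramFiles, ${env:CommonProgramFiles(x86)}) | Where-Object { $_ }
foreach ($root in $roots) {
    $vgx = Join-Path $root 'Microsoft Shared\VGX\vgx.dll'
    if (-not (Test-Path -LiteralPath $vgx)) {
        $report += [pscustomobject]@{ Check = $vgx; State = 'Not present'; Mitigated = $true }
        continue
    }
    $deny = @((Get-Acl -LiteralPath $vgx).Access |
              Where-Object { $_.AccessControlType -eq 'Deny' })
    $state = if ($deny.Count -gt 0) {
        'Deny: ' + (($deny | ForEach-Object { $_.IdentityReference.Value }) -join ', ')
    } else {
        'No deny entries'
    }
    $report += [pscustomobject]@{ Check = $vgx; State = $state; Mitigated = ($deny.Count -gt 0) }
}

$report | Format-Table -AutoSize
```

Rows with `Mitigated` set to `False` show where a workaround has not been applied for the current user; the same report can be run again after the vendor update to confirm that temporary ACL changes were reverted.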
Earlier this month, the Heartbleed bug had set alarm bells ringing across the globe, including in India, for fear of exposing millions of passwords, credit card numbers and other sensitive information to hackers.
Just a day before the telecom tribunal's verdict allowing 3G intra-circle roaming services among operators, RCom signed an agreement with Tata Tele and Aircel. A coincidence?
The Telecom Disputes Settlement and Appellate Tribunal (TDSAT) on Tuesday upheld the plea of Bharti Airtel, Vodafone and Idea Cellular to provide 3G intra-circle roaming (ICR) services. The telecom tribunal also quashed the cumulative penalty of Rs1,200 crore imposed on them by the Department of Telecom (DoT).
The TDSAT said that the 3G ICR agreement signed by Airtel, Vodafone and Idea Cellular is not violative of the licence agreement. "We are allowing all the petitions," said a TDSAT bench headed by Justice Aftab Alam.
However, interestingly, just on Monday, Reliance Communications (RCom), owned by Anil Ambani, announced strategic inter-circle roaming partnerships with other telecom companies to offer non-stop and best-in-class pan-India 3G services to its GSM customers while roaming.
While the statement issued by RCom does not mention names of its partners, according to media reports, the other two partners in this tri-partite agreement are Tata Teleservices Ltd and Aircel. RCom and Aircel have permits for 3G services in 13 out of 22 service areas while Tata Teleservices has permits in nine circles.
Another interesting fact is that earlier, in December 2011, both Tata Tele and Aircel had immediately called off their agreements after the Department of Telecom (DoT) issued notice to five operators, including these two.
Apart from Tata Tele and Aircel, DoT issued notice to Bharti Airtel, Vodafone and Idea on 23 December 2011 asking them to stop their 3G ICR services within 24 hours and report compliance, but the order was challenged by telecom operators.
Airtel, Vodafone and Idea Cellular had approached the Telecom Disputes Settlement and Appellate Tribunal (TDSAT) against the DoT order to stop the 3G intra-circle roaming agreement under which they had also agreed to acquire customers in areas where they did not win spectrum.
Airtel sought access to Vodafone's 3G network in four service areas: Maharashtra, Kolkata, Haryana and UP East.
Vodafone accessed six 3G circles of Airtel (Assam, Bihar, Karnataka, North East, Rajasthan and UP West) besides seven circles of Idea Cellular (Andhra Pradesh, Himachal Pradesh, Jammu and Kashmir, Kerala, Madhya Pradesh, UP West and Punjab). Idea is yet to start 3G service in Punjab.
Under the agreement, Idea Cellular secured the right to provide 3G service using Vodafone's network in Delhi, Tamil Nadu, Chennai and Kolkata.
RCom circles comprise Delhi, Mumbai, Kolkata, Punjab, Rajasthan, Madhya Pradesh, West Bengal, Himachal Pradesh, Bihar, Orissa, Assam, North East, Jammu & Kashmir.
With this agreement, RCom gets access to five uncommon service areas — Andhra Pradesh, Karnataka, Tamil Nadu, Kerala and UP East — where Aircel has presence. Its agreement with TTSL gives it access to Maharashtra, Gujarat, Haryana and UP (West).
The partnership gives Aircel and Tata Teleservices access to the expensive service areas of Delhi and Mumbai where RCom has permits.
Earlier, in July 2012, TDSAT gave a split verdict in which one of the bench members ruled in favour and the other member ordered against it. The two-member bench comprising the then TDSAT chairman Justice SB Sinha and member PK Rastogi differed in their findings.
Justice Sinha allowed telecom operators' plea against the government's directive to stop intra circle 3G roaming saying that it was violative of natural justice. Rastogi, however, dismissed telecom operators’ plea saying they cannot provide roaming.
DoT again issued notice to telecom operators asking them to stop 3G ICR service, along with a penalty cumulatively amounting to about Rs1,200 crore, which was quashed by the tribunal.
Telecom operators Airtel, Vodafone and Idea Cellular then approached the Delhi High Court, which ruled in favour of DoT's decision to hold the 3G roaming pact of the telecom majors as illegal.
Telecom operators then moved the Supreme Court against the order of the HC and sought that the case be transferred to TDSAT. The SC allowed telecom operators to move their case to TDSAT in September 2013.
Announcing its exit, the Japanese telco said the spectrum administration in India was confusing and totally unpredictable.
Japanese NTT DOCOMO has announced its plans of exercising the option of selling its entire 26.5% stake in Tata Teleservices Ltd (TTSL) by the end of June 2014 if TTSL fails to achieve certain performance targets. The stake sale would mark NTT DOCOMO’s exit from the Indian telecom market.
According to media reports, apart from TTSL itself, some other players like Vodafone could also look to buy these shares. This also implies a potential second consolidation among Indian telcos. Earlier, in February, Bharti Airtel took over Loop.
"NTT DOCOMO’s potential exit again highlights the widely held view of ‘implicit consolidation’ in the market, whereby smaller operators aren’t able to compete, and are still struggling financially. The incumbents continue to benefit from this stability and continue to target further voice price hikes – however, an aggressive launch from Reliance-Jio could slow this," says Nomura in a research note.
Nomura says that while it does not see any impact on the market landscape if the stake is bought by TTSL, a purchase by some other buyer could raise concerns about what that buyer's strategy to monetise the investment would be.
Talking about NTT DOCOMO's exit plan, Nomura said the Japanese company had five years, which would end in the next couple of months, to decide whether to retain its ownership in TTSL.
"Key reasons for the exit appear to be TTSL’s weak performance (lost about 110 basis points (bps) of revenue market share in the last two years), and the uncertainties in the Indian telecom industry," Nomura said.
In its briefing to analysts, NTT DOCOMO management had said, "Initially our attempt was to roll out 3G services as quickly as possible and offer the services that we have cultivated in Japan, in the India market as well… and we thought the things were moving very very smoothly in the beginning but as you know very well this spectrum administration India was so confusing and was beyond our expectation this was totally unpredictable… the license that we had was repelled and our spectrum was taken away and they will redistribute the spectrum but that would incur some money and also in addition to that we had to pay some spectrum utilization money on top of license fee and in India, spectrum was awarded on circle by circle basis and in fact the most congested and most highest traffic circle of New Delhi, we paid for the spectrum but we have not been able to receive the spectrum yet."
"In this environment Tata introduced the 2nd base billing and that was well received and at one point we became the no.4 player by the number of subscribers but rest of the market followed the suit immediately and that resulted in intensified competition, so, therefore, Tata is struggling today in making profitable business," the Japanese telco had said.