goinggreek.info

The Agora => UK & World News => Going Geek info => Topic started by: Maik on Monday, 28 April, 2014 @ 19:52:15

Title: IE vulnerability
Post by: Maik on Monday, 28 April, 2014 @ 19:52:15
Quote
Microsoft has warned consumers that a vulnerability in its Internet Explorer browser could let hackers gain access and user rights to their computer.

The flaw affects Internet Explorer (IE) versions 6 to 11 and Microsoft said it was aware of "limited, targeted attacks" to exploit it.

Microsoft says it is investigating the flaw and will take "appropriate" steps.

Microsoft said that hackers looking to exploit the flaw could host a "specially crafted website" containing content that can help them do so.

However, they would still need to convince users to view the website for them to be able to gain access to their computer.

They could do this by getting them to click on a link sent via an email or instant messenger, or by opening an attachment sent through an email.

However, a hacker would have "no way to force users" to view the content.

If successful, a hacker could gain the same rights as the computer's current user.

"If the current user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system," the firm warned.

"An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights."
http://www.bbc.com/news/technology-27184188


Quote
In other words, you as a user don’t have to do anything odd to get your Windows computer infected by malware spread via this exploit. All you need to do is visit a website that has been poisoned by the hackers using a version of Internet Explorer.

What you won’t find any mention of in Microsoft’s warning, notably, is Windows XP. That’s not because it’s immune to attack. It’s because, Microsoft released its last ever security patches for Windows XP on April 8 2014.

As such, this is worth saying out loud (or at least in bold): If you are still running Windows XP you will never receive a patch for this zero-day vulnerability.

For now, Microsoft is recommending that Internet Explorer users install its free Enhanced Mitigation Experience Toolkit (EMET) (http://technet.microsoft.com/en-US/security/jj653751) to harden security of Windows systems.

Alternatively, you could consider using an alternative web browser like Chrome, Firefox, Opera, etc…
http://grahamcluley.com/2014/04/new-zero-day-exploit-attack-sees-internet-explorer-firing-line-fix-microsoft-yet/


Quote
IE Exploit will not work without Adobe Flash. So Users are advised to disable the Adobe Flash plugin within IE.
http://thehackernews.com/2014/04/new-zero-day-vulnerability-cve-2014.html


Quote
*    Change your settings for the Internet security zone to high to block ActiveX controls and Active Scripting
*    Change your settings to prompt before running Active Scripting or to disable Active Scripting in the Internet and Local intranet security zone.
http://securitygarden.blogspot.gr/2014/04/security-advisory-2963983-ie-zero-day.html

Title: Re: IE vulnerability
Post by: Maik on Friday, 02 May, 2014 @ 02:37:35
Quote
Microsoft issues emergency security patch for Internet Explorer – even for Windows XP users!
http://grahamcluley.com/2014/05/microsoft-issues-emergency-security-patch-internet-explorer-even-windows-xp-users/
Title: Re: IE vulnerability
Post by: TonyD on Friday, 02 May, 2014 @ 22:12:27
I was just going to post that I'd received an unexpected Automatic Update.
Unexpected because I'm still using XP
Title: Re: IE vulnerability
Post by: Maik on Saturday, 03 May, 2014 @ 01:29:38
Two three things in life are certain: death, taxes and Windows malware. There'll be another along soon.

(Malware, not an XP update)