Author Topic: IE vulnerability  (Read 4947 times)

0 Members and 1 Guest are viewing this topic.

Offline Maik

  • Administrator
  • Forum Deity
  • *****
  • Posts: 35164
IE vulnerability
« on: Monday, 28 April, 2014 @ 19:52:15 »
Quote
Microsoft has warned consumers that a vulnerability in its Internet Explorer browser could let hackers gain access and user rights to their computer.

The flaw affects Internet Explorer (IE) versions 6 to 11 and Microsoft said it was aware of "limited, targeted attacks" to exploit it.

Microsoft says it is investigating the flaw and will take "appropriate" steps.

Microsoft said that hackers looking to exploit the flaw could host a "specially crafted website" containing content that can help them do so.

However, they would still need to convince users to view the website for them to be able to gain access to their computer.

They could do this by getting them to click on a link sent via an email or instant messenger, or by opening an attachment sent through an email.

However, a hacker would have "no way to force users" to view the content.

If successful, a hacker could gain the same rights as the computer's current user.

"If the current user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system," the firm warned.

"An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights."
http://www.bbc.com/news/technology-27184188


Quote
In other words, you as a user don’t have to do anything odd to get your Windows computer infected by malware spread via this exploit. All you need to do is visit a website that has been poisoned by the hackers using a version of Internet Explorer.

What you won’t find any mention of in Microsoft’s warning, notably, is Windows XP. That’s not because it’s immune to attack. It’s because, Microsoft released its last ever security patches for Windows XP on April 8 2014.

As such, this is worth saying out loud (or at least in bold): If you are still running Windows XP you will never receive a patch for this zero-day vulnerability.

For now, Microsoft is recommending that Internet Explorer users install its free Enhanced Mitigation Experience Toolkit (EMET) to harden security of Windows systems.

Alternatively, you could consider using an alternative web browser like Chrome, Firefox, Opera, etc…
http://grahamcluley.com/2014/04/new-zero-day-exploit-attack-sees-internet-explorer-firing-line-fix-microsoft-yet/


Quote
IE Exploit will not work without Adobe Flash. So Users are advised to disable the Adobe Flash plugin within IE.
http://thehackernews.com/2014/04/new-zero-day-vulnerability-cve-2014.html


Quote
*    Change your settings for the Internet security zone to high to block ActiveX controls and Active Scripting
*    Change your settings to prompt before running Active Scripting or to disable Active Scripting in the Internet and Local intranet security zone.
http://securitygarden.blogspot.gr/2014/04/security-advisory-2963983-ie-zero-day.html


Offline Maik

  • Administrator
  • Forum Deity
  • *****
  • Posts: 35164
Re: IE vulnerability
« Reply #1 on: Friday, 02 May, 2014 @ 02:37:35 »
Quote
Microsoft issues emergency security patch for Internet Explorer – even for Windows XP users!
http://grahamcluley.com/2014/05/microsoft-issues-emergency-security-patch-internet-explorer-even-windows-xp-users/

Offline TonyD

  • Forum Deity
  • *****
  • Posts: 616
Re: IE vulnerability
« Reply #2 on: Friday, 02 May, 2014 @ 22:12:27 »
I was just going to post that I'd received an unexpected Automatic Update.
Unexpected because I'm still using XP

Offline Maik

  • Administrator
  • Forum Deity
  • *****
  • Posts: 35164
Re: IE vulnerability
« Reply #3 on: Saturday, 03 May, 2014 @ 01:29:38 »
Two three things in life are certain: death, taxes and Windows malware. There'll be another along soon.

(Malware, not an XP update)