nodle

Like you needed another reason not to use IE

Microsoft is scrambling to fix a newly found bug in Internet Explorer, which leaves all versions of the browser open to potential attacks.

Hackers have already used the flaw to launch "limited, targeted attacks," Microsoft said in a "security advisory" on Saturday.

As with many attacks, hackers can start with methods like convincing users to click on fake websites, Microsoft explained. From there, the glitch could allow attackers to run malicious software on the user's computer -- and even gain the same level of access to the computer as the real user.

It's a serious flaw, and a widespread one: Internet Explorer comprised almost 58 percent of all desktop browsers in March, according to analytics company Net Applications.

Even the Department of Homeland Security weighed in with an advisory on Monday, calling on users to run alternative web browsers until Microsoft is able to fix the problem.

The Internet Explorer issue affects the browser's versions 6 through 11, Microsoft said in its post. Microsoft's response came one day after security company FireEye revealed the flaw in a post on its own site on Friday.

FireEye said attackers are focusing mostly on newer browsers: Internet Explorer versions 9 through 11, which make up about a quarter of all browsers. FireEye dubbed the attacks "Operation Clandestine Fox" and called the flaw "significant."

Microsoft is still investigating the issue, and the company said it may fix the problem through either a scheduled or off-cycle security update.

Until then, Microsoft wrote in a separate blog post, the company recommends typical protection steps like installing anti-virus software and being cautious when visiting websites. Microsoft also suggested using Internet Explorer in "enhanced protected mode" and downloading a "toolkit" to help guard against attacks.

FireEye recommended that users disable Adobe Flash, saying "the attack will not work" in that case.

Those steps could help protect users of newer Windows versions until Microsoft releases a fix. But the glitch is a sobering reminder that no help is coming for users of Windows XP, as Microsoft dropped support of that operating system earlier this month.

Like you really posted this for any reason other than to annoy me. Apparently your news feeds are slow, and your browser choices terrible....

Man that took you about 12 minutes to get in here. I was waiting for a defensive post of how IE is the greatest gift to man or something. No I didn't post it to annoy you just spreading the word son.


No it says it affects all:

The Internet Explorer issue affects the browser's versions 6 through 11, Microsoft said in its post. Microsoft's response came one day after security company FireEye revealed the flaw in a post on its own site on Friday.


Don't feel bad @ndboarder. Your arch enemy Chrome hasn't been doing very well lately:

[354967] High CVE-2014-1730: Type confusion in V8. Credit to Anonymous.

[349903] High CVE-2014-1731: Type confusion in DOM. Credit to John Butler.

[352851] Medium CVE-2014-1732: Use-after-free in Speech Recognition. Credit to Khalil Zhani

[351103] Medium CVE-2014-1733: Compiler bug in Seccomp-BPF. Credit to [email protected]

As usual, our ongoing internal security work was responsible for a wide range of fixes:

[367314] CVE-2014-1734: Various fixes from internal audits, fuzzing and other initiatives.

[359130, 359525, 360429] CVE-2014-1735: Multiple vulnerabilities in V8 fixed in version 3.24.35.33.

Firefox FTW!


"It's worse for XP".... No it's not, XP is an antique, if you are still running it you obviously have nothing worth stealing or any personal information that you should be concerned about losing anyway


Do you have any clue what goes into fixes? Just asking, because I see this kind of question from many people all over the internet anytime there's something they think needs to be fixed. To me, having done development and being part of a team involved in getting fixes for a product, it's a question that is flat out irritating as it seems you think there's just a magic wand to wave and Presto! it's fixed.

I'm sure plenty of people have been working around the clock given the amount of visibility and user base. Depending on the complexity of what it will take to fix, across however many versions they patch, it might take a bit. You can't just make a little change and ship an update, there's gotta be a well thought out fix, testing to ensure you don't regress or cause other issues and so forth. It is not a simple process.

Do you have any clue what goes into fixes? Just asking, because I see this kind of question from many people all over the internet anytime there's something they think needs to be fixed. To me, having done development and being part of a team involved in getting fixes for a product, it's a question that is flat out irritating as it seems you think there's just a magic wand to wave and Presto! it's fixed.

I'm sure plenty of people have been working around the clock given the amount of visibility and user base. Depending on the complexity of what it will take to fix, across however many versions they patch, it might take a bit. You can't just make a little change and ship an update, there's gotta be a well thought out fix, testing to ensure you don't regress or cause other issues and so forth. It is not a simple process.

Oh I know it takes a lot. But I guess the real question is why was there a problem in the first place and it didn't happen to other browsers? It comes down to the code. Now IE has been out for a long time so granted this is to be expected of the older versions. But I would think 9-10-11 versions wouldn't be affected, but I am sure that they are still building off the original code. So what does this tell me? That the code needs to be re-written from the ground up. I am not really mad at IE and personally it doesn't affect me. But it does affect a lot of companies out there that can only run IE. In a business environment even me I would recommend only running IE since it's built in etc. I expected after the first day that Microsoft would have patched this since it affects so many companies. I am sure it's coming but each day is a risk for companies running this. Trust me @ndboarder I feel bad for those guys scrambling for a fix. You know they have a lot of pressure and bad publicity because of this right now. Also let's face it. No one will really be affected by running the older versions. Kinda like the whole Heartbleed thing. People just making a bigger deal out of nothing.


Ground up, not likely and not necessary. Then you're looking at a version 1 product with hundreds of bugs. This is true of all software made by all companies. Have you ever seen something fixed immediately? If so, it's because you didn't know about the problem until long after the company did and the fix was being worked on for days/weeks/months.

Mostly, I also feel sorry for them, since I have a pretty good idea what they're going through and fighting to get something fixed ASAP. I know you know what it's like to have a co-worker/customer ask an asinine question. There's plenty of threads/posts in the vent thread about it. Then here we are "Why isn't this fixed yet" like it should be some super simple thing fixed within hours of anyone knowing a problem exists.

Ground up, not likely and not necessary. Then you're looking at a version 1 product with hundreds of bugs. This is true of all software made by all companies. Have you ever seen something fixed immediately? If so, it's because you didn't know about the problem until long after the company did and the fix was being worked on for days/weeks/months.

Mostly, I also feel sorry for them, since I have a pretty good idea what they're going through and fighting to get something fixed ASAP. I know you know what it's like to have a co-worker/customer ask an asinine question. There's plenty of threads/posts in the vent thread about it. Then here we are "Why isn't this fixed yet" like it should be some super simple thing fixed within hours of anyone knowing a problem exists.

Ya like me and @C Pav used to say "Better put your robe and wizard hat on".


Link for what? The fix? Run Windows Update. Of note, since XP support recently ended, they even went the extra mile and gave XP users one last fix to take care of them too.

If you are instead looking for an article about it or something, here's the first one I got in a simple web search

http://news.msn.com/science-technology/microsoft-releases-emergency-browser-update-xp-users-get-it-too?ocid=ansnews11

Link for what? The fix? Run Windows Update. Of note, since XP support recently ended, they even went the extra mile and gave XP users one last fix to take care of them too.

If you are instead looking for an article about it or something, here's the first one I got in a simple web search

http://news.msn.com/science-technology/microsoft-releases-emergency-browser-update-xp-users-get-it-too?ocid=ansnews11

Ok so not an offline manual patch then like a hot-fix? It has to be through Windows updates? Article doesn't really say. EDIT* does look like Windows updates...

http://blogs.technet.com/b/msrc/archive/2014/05/01/out-of-band-release-to-address-microsoft-security-advisory-2963983.aspx


WTF, you don't believe me when I tell you it's in Windows Update? What good would an offline manual patch be, you'd still have to be able to download it and run it. As far as distribution, companies can easily (assuming they have staff that know what they are doing) use Windows Update to push things out to their employees and control when they get the update without having to manually go patch hundreds of machines.

WTF, you don't believe me when I tell you it's in Windows Update? What good would an offline manual patch be, you'd still have to be able to download it and run it. As far as distribution, companies can easily (assuming they have staff that know what they are doing) use Windows Update to push things out to their employees and control when they get the update without having to manually go patch hundreds of machines.

There are tons of businesses that turn off Windows Updates and manually patch their systems so that an update won't break their software. In fact almost all the businesses around here do that. (trust me not the way I would do it). In fact one of the first things they do after setting up servers or machines is disable Windows Updates.


Guess they should learn how to patch correctly then. Do I get automatic updates at work? Only if I manually go make it look for updates, or if it is an update the admins push down through Windows Update. They can and should control Windows Update at a higher level, where it only installs updates they choose to push to machines. Basically the machines on the network look to their setup, not just the Windows Update servers for what to install.

Besides, even if it's turned off, they have to manually apply updates, that just means the PC doesn't check on its own. They can still go into Windows Update through control panel and force it to go look for updates, then choose what to apply. Simpler than running around manually installing it from a network share or something anyhow.
