Internet Explorer Zero Day Vulnerability

Forums › Microsoft Windows › Internet Explorer Zero Day Vulnerability

freitasm

BDFL - Memuneh
79314 posts

Uber Geek

Administrator

ID Verified

Trusted

Geekzone

Lifetime subscriber

#109333 18-Sep-2012 13:06

It appears an Internet Explorer zero day vulnerability is being exploited in the wild now.

If you're using Internet Explorer 7, Internet Explorer 8 or Internet Explorer 9 make sure your AV is up-to-date. Or switch browsers.

Details here and here.

Note that switching browsers doesn't mean your new browser doesn't have other vulnerability - no software is 100% secure anyway.

freitasm

BDFL - Memuneh
79314 posts

Uber Geek

Administrator

ID Verified

Trusted

Geekzone

Lifetime subscriber

#687806 18-Sep-2012 17:01

And here is the Microsoft Advisory (KB2757760).

billgates

4705 posts

Uber Geek

Trusted

#687811 18-Sep-2012 17:16

You can also install the EMET tool to protect from remote hackers exploiting this flaw.

http://www.microsoft.com/en-us/download/details.aspx?id=29851

Do whatever you want to do man.

gzt

17159 posts

Uber Geek

Lifetime subscriber

#687831 18-Sep-2012 17:54

Related to the recommendation in the US-CERT article - are not DEP + ASLR already enabled by default in 2K8 and later OS and IE8 forward?

It would be unusual if they were not enabled on those systems already right?

I'd find out but I'm still clearing space to virtualise windows on my mac ; ).

mattwnz

20172 posts

Uber Geek

#687838 18-Sep-2012 18:11

billgates: You can also install the EMET tool to protect from remote hackers exploiting this flaw.

http://www.microsoft.com/en-us/download/details.aspx?id=29851

I wonder why microsoft aren't pushing this update through as a windows update.

freitasm

BDFL - Memuneh
79314 posts

Uber Geek

Administrator

ID Verified

Trusted

Geekzone

Lifetime subscriber

#687840 18-Sep-2012 18:15

Because that is not the update to fix it, but a tool to harden the system.

johnr

19282 posts

Uber Geek
Inactive user

#687852 18-Sep-2012 19:19

Would this not be covered under the CGA and you get sent a brand new computer?

:-P

gzt

17159 posts

Uber Geek

Lifetime subscriber

#687868 18-Sep-2012 19:58

Microsoft advisory note is out..

http://technet.microsoft.com/en-us/security/advisory/2757760

"On completion of this investigation, Microsoft will take the appropriate action to protect our customers, which may include providing a solution through our monthly security update release process, or an out-of-cycle security update, depending on customer needs"

expect a patch.

Sharesies

Trade NZ and US shares and funds with Sharesies (affiliate link).

billgates

4705 posts

Uber Geek

Trusted

#688962 20-Sep-2012 17:16

An update will be made available this friday via windows update but those who wish to fix it now, can download and run the fix it tool today.

http://support.microsoft.com/kb/2757760

Do whatever you want to do man.

billgates

4705 posts

Uber Geek

Trusted

#688969 20-Sep-2012 17:25

btw. this vulnerability does not affects IE10. so for those on windows 8. need not worry

Do whatever you want to do man.

nathan

5695 posts

Uber Geek
Inactive user

#688972 20-Sep-2012 17:27

billgates: An update will be made available this friday via windows update but those who wish to fix it now, can download and run the fix it tool today.

http://support.microsoft.com/kb/2757760

Saturday it will be in our time zone :)

billgates

4705 posts

Uber Geek

Trusted

#688973 20-Sep-2012 17:28

ah yes sorry. the good old time zone.

Do whatever you want to do man.