gfxgfx
 
Please login or register.

Login with username, password and session length
 
gfx gfx
gfx
75412 Posts in 13200 Topics by 2641 Members - Latest Member: lokta October 24, 2017, 09:42:05 am
*
gfx*gfx
gfx
WinMX World :: Forum  |  Discussion  |  WinMx World News  |  Microsoft warns of Internet Explorer flaw
gfx
gfxgfx
 

Author Topic: Microsoft warns of Internet Explorer flaw  (Read 679 times)

0 Members and 1 Guest are viewing this topic.

Offline DaBees-Knees

  • WMW Team
  • *****
Microsoft warns of Internet Explorer flaw
« on: April 28, 2014, 09:23:15 am »
http://www.bbc.co.uk/news/technology-27184188

Quote
Microsoft has warned consumers that a vulnerability in its Internet Explorer browser could let hackers gain access and user rights to their computer. The flaw affects Internet Explorer (IE) versions 6 to 11 and Microsoft said it was aware of "limited, targeted attacks" to exploit it. According to NetMarket Share, the IE versions account for more than 50% of global browser market. Microsoft says it is investigating the flaw and will take "appropriate" steps. The firm, which issued a security advisory over the weekend, said the steps "may include providing a solution through our monthly security update release process, or an out-of-cycle security update, depending on customer needs".

XP impact
 
However, the issue may be of special concern to people still using the Windows XP operating system. That is because Microsoft ended official support for that system earlier this month. It means there will be no more official security updates and bug fixes for XP from the firm. Microsoft has suggested businesses and consumers still using the system should upgrade to a newer alternative.

Cyber security firm Symantec said it had carried out tests which confirmed that "the vulnerability crashes Internet Explorer on Windows XP".  "This will be the first zero day vulnerability that will not be patched for Windows XP users," it added. About 30% of all desktops are thought to be still running Windows XP and analysts have previously warned that those users would be vulnerable to attacks from cyber-thieves.

'Complete control'
 
Microsoft said that hackers looking to exploit the flaw could host a "specially crafted website" containing content that can help them do so. However, they would still need to convince users to view the website for them to be able to gain access to their computer. They could do this by getting them to click on a link sent via an email or instant messenger, or by opening an attachment sent through an email. But the firm added that Internet Explorer on Windows Server 2003, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, and Windows Server 2012 R2 runs in a restricted mode, which "mitigates this vulnerability".

However, a hacker would have "no way to force users" to view the content. If successful, a hacker could gain the same rights as the computer's current user. "If the current user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system," the firm warned. "An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights." 

Although this is a genuine warning it's quite a coincidence that this has happened just as Microsoft try to get XP users to change.

Offline White Stripes

  • Core
  • *****
  • ***
  • Je suis aimé
Re: Microsoft warns of Internet Explorer flaw
« Reply #1 on: April 28, 2014, 10:35:05 pm »
ppl should have long switched browsers for XP ... before its end of life... IE is a security nightmare and always has been...

btw, its a 45mb update for win7 so it begs the question, how many things needed to be replaced? O.o

Offline GhostShip

  • Ret. WinMX Special Forces
  • WMW Team
  • *****
Re: Microsoft warns of Internet Explorer flaw
« Reply #2 on: April 29, 2014, 12:05:32 am »
I see a mixed message in this, we hear that this crashes IE in one part of the report and in the other that it allows for remote code execution, which is it ?

It seems the sensible advice in all of this is threefold, beware (as usual) of visiting dodgy/unfamiliar sites, run your machine in a reduced "user" mode and choose a third party browser, I think the last part was always something folks undertook anyway as after IE6 MS offerings in that dept always left something to be desired.

Now that XP has reached its end of life you can save yourself some further headaches by not using adobe products as these seem popular backdoors to your machine and try to use third party applications instead of the built in ones as this makes it very annoying for the exploit writer to get a foothold, the attacker would prefer you used popular products so they can use off the shelf attack tools that some developer or security researcher has created, make em work  for their ill gotten gains  :yes:

Offline wonderer

  • MX Hosts
  • *****
  • ***
Re: Microsoft warns of Internet Explorer flaw
« Reply #3 on: April 29, 2014, 07:20:01 am »
is there actually still an internet explorer working on XP?

http://www.smh.com.au/it-pro/security-it/australia-us-uk-advise-avoiding-microsoft-internet-explorer-until-bug-fixed-20140428-zr11i.html

if using windows for day to day things I understand it's safest to use a limited account and only use an administrator account when you need to.

Quote
The Australian, British and US governments have advised computer users to use alternatives to Microsoft's Internet Explorer browser until the company fixes a security flaw that hackers used to launch attacks.

The Internet Explorer bug, disclosed over the weekend, is the first high-profile computer threat to emerge since Microsoft stopped providing security updates for Windows XP earlier this month. That means PCs running the 13-year-old operating system will remain unprotected, even after Microsoft releases updates to defend against it. Until Microsoft does fix the flaw, versions 6 to 11 of Internet Explorer remain vulnerable across all operating systems.

The Department of Homeland Security's US Computer Emergency Readiness Team said in an advisory that the vulnerability could lead to "the complete compromise" of an affected system.
Advertisement

The Australian government's Stay Smart Online alert service said users could deploy two different types of temporary fixes as suggested by Microsoft. But it said a simpler alternative was to download and install a different browser such as Google Chrome or Mozilla Firefox.

The recently established UK National Computer Emergency Response Team issued similar advice to British computer users, saying that in addition to considering alternative browsers, they should make sure their anti-virus software is current and regularly updated.

"An attacker who successfully exploited this vulnerability could take complete control of an affected system," Microsoft said in a security advisory.

"An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights."

Offline White Stripes

  • Core
  • *****
  • ***
  • Je suis aimé
Re: Microsoft warns of Internet Explorer flaw
« Reply #5 on: April 29, 2014, 09:43:08 am »
Quote
Now that XP has reached its end of life you can save yourself some further headaches by not using adobe products

but.. but... youtube! .. actually googles progress with html5 has gotten pretty far ahead but some videos still need flash :(

Offline GhostShip

  • Ret. WinMX Special Forces
  • WMW Team
  • *****
Re: Microsoft warns of Internet Explorer flaw
« Reply #6 on: April 29, 2014, 11:46:57 am »
I enjoy youtube myself but whenever I encounter an unwanted site popup site it nearly always has the fake flash player update, and as its nearly being updated every other week that alone suggest some poor programming strategy in terms of general protection for the products end users, it really is the biggest non-MS backdoor to XP that I know of.

Offline wonderer

  • MX Hosts
  • *****
  • ***
Re: Microsoft warns of Internet Explorer flaw
« Reply #7 on: May 01, 2014, 06:14:51 am »
one of the services in windows XP enabled by default and should be disabled and be checked after every update you may install is the remote control service, this should always be stopped.
never install security fixes for programs you do not have installed on your computer.
no need to install fixes for office if you don't have office installed anyway
Microsoft fixes tends to bring more security holes in every fix

counts for every OS in my humble opinion

 

WinMX World :: Forum  |  Discussion  |  WinMx World News  |  Microsoft warns of Internet Explorer flaw
 

gfxgfx
gfx
©2005-2017 WinMXWorld.com. All rights reserved.
SMF 2.0.14 | SMF © 2017, Simple Machines
Page created in 0.044 seconds with 23 queries.
Helios Multi © Bloc
gfx
Powered by MySQL Powered by PHP Valid XHTML 1.0! Valid CSS!