| reply to redwolfe_98
Re: IE Zero-Day Internet Explorer zero-day exploit found on more websites.
»nakedsecurity.sophos.com/2013/01···ebsites/ |
|
|
|
| reply to trparky
Internet Explorer 9 and 10 are not vulnerable to this exploit. |
|
| Where I work, we still use IE 8. What should companies urge to do in the meantime while MS decides to roll up the patch for this?
We cannot upgrade to IE 9 or 10.
And also, we not allowed to use Firefox and other browsers either.
The workarounds explained on the MS site, is to extend the Internet/Intranet Security zones to HIGH, and thats no good for the users because IE is then worthless to use....unless adding those sites in the Trusted Zones.
And also, even though if MS decides to roll out the patch on Tuesday, our IT department has to still then delay the patch deployment for about a week in order to test it with our applications.
So what should companies like this do in this case if this is a huge exploit??? |
|
 trparkyApple... YUMPremium,MVM
join:2000-05-24
Cleveland, OH
kudos:2 | EMET would be the best bet in that kind of situation. |
|
 therube
join:2004-11-11
Randallstown, MD | reply to redwolfe_98
Re: IE Zero-Day "... Even though a security company has revealed that it had managed to bypass Microsoft’s one-click “Fix it” solution for Internet Explorer 8 and older, the Redmond-based software firm says that users are fully protected if they deploy the patch.
“We’ve reviewed the information and are working on an update, which we will make available to all customers on IE6-8 as soon as it is ready for distribution,” said Dustin Childs, group manager, Microsoft Trustworthy Computing, according to ThreatPost.
“In the meantime, the current Fix it, mitigations and workarounds available in Security Advisory 2794220 fully protect against all known active attacks. We also continue to encourage customers to upgrade their browsers to IE9-10, which are not affected by this issue.”
While Internet Explorer 9 and Internet Explorer 10 are not affected by the issue, security vendors across the globe are confirming that more websites have been compromised in order to exploit the flaw.
“The whole point of the waterhole tactic is that they believe such sites, although usually not with high numbers of users, will have interesting visitors,” said Jindrich Kubec, Avast Virus Lab’s director of Threat Intelligence. “At least two of the sites use the same spyware binary with exactly same configuration. The rest look a bit different, but we haven’t investigated it thoroughly yet.”..."
»news.softpedia.com/news/Microsof···47.shtml |
|
 OlegBellsouth FastaccessPremium
join:2003-12-08
Birmingham, AL
kudos:2 | reply to redwolfe_98
Just checked Windows Updates, and 9 security updates were listed. |
|
3 edits | Will MS ever roll out this patch in the near future for IE 8?
Thanks!!! |
|
 BlackbirdBuilt for SpeedPremium
join:2005-01-14
Fort Wayne, IN
kudos:3
 ·Frontier Communi..
| reply to redwolfe_98
As with all software patches, from all sources, they'll roll out a patch when and if they're ready. First they have to determine the scope of the causal factors, then find fixes that don't break things, then test against all manner of system setups. Each step takes time to be done properly, and little can be accomplished by trying to do the steps in parallel.
--
“The American Republic will endure until the day Congress discovers that it can bribe the public with the public's money.” A. de Tocqueville |
|
 antdudeA Ninja AntPremium,VIP
join:2001-03-25
United State
kudos:4
 ·RoadRunner Cable
| said by Blackbird:As with all software patches, from all sources, they'll roll out a patch when and if they're ready. First they have to determine the scope of the causal factors, then find fixes that don't break things, then test against all manner of system setups. Each step takes time to be done properly, and little can be accomplished by trying to do the steps in parallel.
Yep, don't rush them. We don't want a buggy release.
--
Ant @ AQFL.net and AntFarm.ma.cx. Please do not IM/e-mail me for technical support. Use this forum or better, »community.norton.com ! Disclaimer: The views expressed in this posting are mine, and do not necessarily reflect the views of my employer. |
|
 StuartMWWho Is John Galt?Premium
join:2000-08-06
Galt's Gulch
kudos:2
·CenturyLink
| reply to redwolfe_98
IE is being patched Mon Jan 14th
»Microsoft Security Bulletin Advance Notification for 14th!
--
Don't feed trolls--it only makes them grow! |
|
