dslreports logo
site
 
    All Forums Hot Topics Gallery
spc

spacer




how-to block ads


Search Topic:
uniqs
4886
share rss forum feed


chachazz
Premium
join:2003-12-14
kudos:9
reply to redwolfe_98

Re: IE Zero-Day

Internet Explorer zero-day exploit found on more websites.
»nakedsecurity.sophos.com/2013/01···ebsites/



chachazz
Premium
join:2003-12-14
kudos:9
reply to trparky

Internet Explorer 9 and 10 are not vulnerable to this exploit.


slajoh01

join:2005-04-23

Where I work, we still use IE 8. What should companies urge to do in the meantime while MS decides to roll up the patch for this?

We cannot upgrade to IE 9 or 10.

And also, we not allowed to use Firefox and other browsers either.

The workarounds explained on the MS site, is to extend the Internet/Intranet Security zones to HIGH, and thats no good for the users because IE is then worthless to use....unless adding those sites in the Trusted Zones.

And also, even though if MS decides to roll out the patch on Tuesday, our IT department has to still then delay the patch deployment for about a week in order to test it with our applications.

So what should companies like this do in this case if this is a huge exploit???



trparky
Apple... YUM
Premium,MVM
join:2000-05-24
Cleveland, OH
kudos:2

EMET would be the best bet in that kind of situation.

Expand your moderator at work


therube

join:2004-11-11
Randallstown, MD
Reviews:
·Comcast
·Verizon Online DSL
reply to redwolfe_98

Re: IE Zero-Day

"... Even though a security company has revealed that it had managed to bypass Microsoft’s one-click “Fix it” solution for Internet Explorer 8 and older, the Redmond-based software firm says that users are fully protected if they deploy the patch.

“We’ve reviewed the information and are working on an update, which we will make available to all customers on IE6-8 as soon as it is ready for distribution,” said Dustin Childs, group manager, Microsoft Trustworthy Computing, according to ThreatPost.

“In the meantime, the current Fix it, mitigations and workarounds available in Security Advisory 2794220 fully protect against all known active attacks. We also continue to encourage customers to upgrade their browsers to IE9-10, which are not affected by this issue.”

While Internet Explorer 9 and Internet Explorer 10 are not affected by the issue, security vendors across the globe are confirming that more websites have been compromised in order to exploit the flaw.

“The whole point of the waterhole tactic is that they believe such sites, although usually not with high numbers of users, will have interesting visitors,” said Jindrich Kubec, Avast Virus Lab’s director of Threat Intelligence. “At least two of the sites use the same spyware binary with exactly same configuration. The rest look a bit different, but we haven’t investigated it thoroughly yet.”..."

»news.softpedia.com/news/Microsof···47.shtml



Oleg
Premium
join:2003-12-08
Birmingham, AL
kudos:2
reply to redwolfe_98

Just checked Windows Updates, and 9 security updates were listed.


slajoh01

join:2005-04-23

3 edits

1 recommendation

Will MS ever roll out this patch in the near future for IE 8?

Thanks!!!



Blackbird
Built for Speed
Premium
join:2005-01-14
Fort Wayne, IN
kudos:3
Reviews:
·Frontier Communi..

1 recommendation

reply to redwolfe_98

As with all software patches, from all sources, they'll roll out a patch when and if they're ready. First they have to determine the scope of the causal factors, then find fixes that don't break things, then test against all manner of system setups. Each step takes time to be done properly, and little can be accomplished by trying to do the steps in parallel.
--
“The American Republic will endure until the day Congress discovers that it can bribe the public with the public's money.” A. de Tocqueville



antdude
A Ninja Ant
Premium,VIP
join:2001-03-25
United State
kudos:4
Reviews:
·Time Warner Cable

said by Blackbird:

As with all software patches, from all sources, they'll roll out a patch when and if they're ready. First they have to determine the scope of the causal factors, then find fixes that don't break things, then test against all manner of system setups. Each step takes time to be done properly, and little can be accomplished by trying to do the steps in parallel.

Yep, don't rush them. We don't want a buggy release.
--
Ant @ AQFL.net and AntFarm.ma.cx. Please do not IM/e-mail me for technical support. Use this forum or better, »community.norton.com ! Disclaimer: The views expressed in this posting are mine, and do not necessarily reflect the views of my employer.


StuartMW
Who Is John Galt?
Premium
join:2000-08-06
Galt's Gulch
kudos:2

1 recommendation

reply to redwolfe_98

IE is being patched Mon Jan 14th

»Microsoft Security Bulletin Advance Notification for 14th!
--
Don't feed trolls--it only makes them grow!