|
questioning to dp
Anon
2014-Apr-30 9:16 am
to dp
Re: Microsoft releases Security Advisory 2963983said by dp:Updated advisory to clarify workarounds to help prevent exploitation of the vulnerability described in this advisory. Have they got something wrong? They say to unregister vgx.dll. On 32-bit systems : "%SystemRoot%\System32\regsvr32.exe" -u "%CommonProgramFiles%\Microsoft Shared\VGX\vgx.dll" How to undo this workaround : re-register vgx.dll. On 32-bit systems : "%SystemRoot%\System32\regsvr32.exe" -u "%CommonProgramFiles%\Microsoft Shared\VGX\vgx.dll", and then press Enter. To re-register, should you have the "-u" switch? |
|
siljalineI'm lovin' that double wide Premium Member join:2002-10-12 Montreal, QC |
to dp
|
|
siljaline
1 recommendation |
to Dustyn
Re: MS releases Security Advisory 2963983Enhanced Mitigation Experience Toolkit 4.1 Update 1 is available. » www.microsoft.com/en-us/ ··· 90a24fa6 |
|
bbear2 Premium Member join:2003-10-06 dot.earth |
bbear2
Premium Member
2014-Apr-30 3:23 pm
Clicked on the like and went to expand 'details" and received this: We are sorry, the page you requested cannot be found. |
|
EGeezer Premium Member join:2002-08-04 Midwest
1 recommendation |
to siljaline
Re: Microsoft releases Security Advisory 2963983I can only imagine the dazed/panicked looks on average non-technical Windows users when they read the workaround instructions.
I always install Firefox when I set up PCs for people. I sent them the CERT-US notice and the Microsoft KB along with a recommendation to use Firefox if they don't feel confident going through the Microsoft steps. |
|
siljalineI'm lovin' that double wide Premium Member join:2002-10-12 Montreal, QC |
to bbear2
Re: MS releases Security Advisory 2963983EMET Toolkit 4.1 Update 1 *direct* download: » www.microsoft.com/en-us/ ··· id=41138 |
|
|
to questioning
Re: Microsoft releases Security Advisory 2963983said by questioning :How to undo this workaround : re-register vgx.dll.
On 32-bit systems : "%SystemRoot%\System32\regsvr32.exe" -u "%CommonProgramFiles%\Microsoft Shared\VGX\vgx.dll", and then press Enter.
To re-register, should you have the "-u" switch? They've fixed it now. They took the "-u" out. |
|
siljalineI'm lovin' that double wide Premium Member join:2002-10-12 Montreal, QC
3 recommendations |
to Dustyn
Re: MS releases Security Advisory 2963983Out-of-Band Release to Address Microsoft Security Advisory 2963983At approximately 10 a.m. PDT, we will release an out-of-band security update to address the issue affecting Internet Explorer (IE) that was first discussed in Security Advisory 2963983. This update is fully tested and ready for release for all affected versions of the browser. [...]
We have made the decision to issue a security update for Windows XP users. Windows XP is no longer supported by Microsoft, and we continue to encourage customers to migrate to a modern operating system, such as Windows 7 or 8.1. Additionally, customers are encouraged to upgrade to the latest version of Internet Explorer, IE 11. » blogs.technet.com/b/msrc ··· 983.aspx*Hat Tip:* 85160670 |
|
1 recommendation |
Didn't see the XP patch coming. |
|
antdudeMatrix Ant Premium Member join:2001-03-25 US |
antdude
Premium Member
2014-May-1 1:26 pm
said by Millenium:Didn't see the XP patch coming. Neither did I. It looks like XP's IE6 and 64-bit Vista HPE SP2's IE7 needed reboots, but 64-bit W7' IE8 didn't (wow). |
|
1 recommendation |
Though I appreciate Microsoft's decision, I don't think I'm going to reverse course and install the patch. Automatic updates and the service are shut down and an alternate browser is in place.
It'll be short order before the next RCE vulnerability hits. What then? Is Microsoft giving in, or is it just this once? |
|
BlitzenZeusBurnt Out Cynic Premium Member join:2000-01-13
1 recommendation |
Other programs use the IE runtime to display information. You should install that patch. So many programs use IE it's sickening, part of why I hate IE being a runtime for other applications since 98. |
|
1 recommendation |
I hear ya. But two weeks, or a month, I'm right back where I was. |
|
|
siljalineI'm lovin' that double wide Premium Member join:2002-10-12 Montreal, QC |
to Mele20
Re: Microsoft releases Security Advisory 2963983Microsoft Security Bulletin MS14-021 - CriticalSecurity Update for Internet Explorer (2965111) » technet.microsoft.com/en ··· 021.aspxNot adding any personal embellishment as the goal is to have everyone patched |
|
|
to Millenium
Re: MS releases Security Advisory 2963983said by Millenium:Didn't see the XP patch coming. I expected it. There would be a lot of bad press if they did not provide a patch. Not that it matters to me - I dumped my last XP almost a year ago. |
|
2 recommendations |
said by nwrickert:I expected it. There would be a lot of bad press if they did not provide a patch. I applaud them for it! |
|
antdudeMatrix Ant Premium Member join:2001-03-25 US |
to nwrickert
said by nwrickert:said by Millenium:Didn't see the XP patch coming. I expected it. There would be a lot of bad press if they did not provide a patch... But what about the future? |
|
|
said by antdude:But what about the future? They won't do that for most security issues. But they will for security issues that get high public attention, at least until the number of running XP systems diminishes to a point where they can be ignored. |
|
1 edit |
to antdude
Consumerist quoting Microsoft: » consumerist.com/2014/05/ ··· eft-out/quote: Even though Windows XP is no longer supported by Microsoft and is past the time we normally provide security updates, weve decided to provide an update for all versions of Windows XP (including embedded), writes a company exec in todays announcement. We made this exception based on the proximity to the end of support for Windows XP.
This is seemingly, very likely, a one time thing. Unless another 0 day RCE hits right around the corner. Edit: Perhaps nwrickert has it right? It's going to come down to headlines. When they fade, so too does the patches. |
|
|
to Millenium
said by Millenium:said by nwrickert:I expected it. There would be a lot of bad press if they did not provide a patch. I applaud them for it! As do I. First of all, for the moment, I am still using XP and IE. Obviously, I patched my system. Even were I not using what I am this second, I too applaud them, no matter why they did it. They did and that's what counts, IMHO. |
|
|
to Millenium
One wonders what the enterprise and government customers who paid millions for continuing support think about something they paid for being given away for free. But I agree with the other posts who've said you could've seen this coming a thousand miles away, they would capitulate and patch high profile vulns, and they'll do the same for the next one, and the next one. |
|
|
Frodo
Member
2014-May-1 6:17 pm
said by sbconslt: they'll do the same for the next one, and the next one. I'm thinking that the code for this fix matches Win2003, since it involves the browser. I don't see them releasing a fix going forward if there is something wrong with the XP operating system itself, such as driver vulnerabilities and so forth. |
|
siljalineI'm lovin' that double wide Premium Member join:2002-10-12 Montreal, QC |
to jaykaykay
Operation Clandestine Fox Now Attacking Windows XP Using Recently Discovered IE Vulnerabilityquote: Today, FireEye Labs can reveal a newly uncovered version of the attack that specifically targets out-of-life Windows XP machines running IE 8. This means that live attacks exploiting CVE-2014-1776 are now occurring against users of IE 8 through 11 and Windows XP, 7 and 8.
» www.fireeye.com/blog/tec ··· ity.html |
|
|
to Frodo
Line will be drawn somewhere but for the near term the precedent is set. |
|
siljalineI'm lovin' that double wide Premium Member join:2002-10-12 Montreal, QC |
to jaykaykay
|
|
|
That assessment is wrong.
They asked, and answered, the question "In the grand scheme of security issues, will this make enough difference to be worth fixing in X?"
But that's the wrong question. The more important question is "What will it do to Microsoft's image and reputation if they do not patch?" And Microsoft has given their answer to that question. |
|
Mele20 Premium Member join:2001-06-05 Hilo, HI |
to siljaline
Re: Microsoft releases Security Advisory 2963983Would someone please post the link to the download?
I do NOT do automatic updates. I can't find any download link. I get sent in circles instead. I have already complained to Microsoft in feedback links. |
|
rcdaileyDragoonfly Premium Member join:2005-03-29 Rialto, CA 1 edit |
to siljaline
I never thought I'd see another "XP" update, but then this came. I'll have to check the X-ray system tomorrow because that has IE8 on it. It's set to use Chrome for browsing and Immunet for antivirus, at least so long as it is connected to the internet. The other systems have Win7 Pro 64-bit and will probably also need updating, but that should be semi-automatic. I did have to restart this old XP system with the IE8 update, so it seems to me that whether the IE8 patch requires a restart "depends" on which OS version. Then again, what do I know?
Was it Yogi Berra who said "It's ain't over till it's over." ???? |
|
Mele20 Premium Member join:2001-06-05 Hilo, HI |
Mele20
Premium Member
2014-May-2 5:53 am
It does not require restart for IE 10 on Windows 8. However, the download pages says it does require a restart. It did not require it nor was a Restore Point made before the patch was installed so it must be minor fix for IE 10 on Windows 8.0 Pro. |
|
Mele20 |
Mele20
Premium Member
2014-May-2 5:58 am
I finally found the download page. I now have to disable the Proxomitron to get a download page at Microsoft download center. I didn't use to have to do that.
At least, I did not also have to disable Ghostery or Disconnect both of which blocked tracking and ad stuff from Microsoft.
I also got asked to fill out two lengthy surveys for Microsoft Support and Download Center experiences. |
|