Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Internet Explorer 0-day exploit


  • Please log in to reply
4 replies to this topic

#1 Romeo29

Romeo29

    Learning To Bleep


  • Members
  • 3,194 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:127.0.0.1
  • Local time:12:11 PM

Posted 15 January 2010 - 12:53 PM

After Google and Adobe suggested to Microsoft, Microsoft checked and has confirmed that there is a 0-day exploit in Internet Explorer 6, 7 and 8. Security researchers from McAfee have told that this exploit was used by Chinese hackers to hack Google network, Adobe network and other 32 organizations recently (after which Google said about leaving China). Microsoft has not mentioned if they will make a patch available quickly or customers will have to wait for regular patch day till February 9.

What you can do till MS releases a patch :
1. Turn on DEP in Internet Explorer. (on in IE8 by default). Microsoft fix-it tool : http://support.microsoft.com/kb/979352
2. Run IE in Protected Mode in Vista and 7. (Enable for every Zone in IE Options > Security)
3. Change Internet zone Security settings to High in IE.
4. Use Sandboxie to browse online. This way an attack cannot alter system files.
5. Try using an alternative browser.

Sources :
http://blogs.technet.com/msrc/archive/2010...ory-979352.aspx
http://www.microsoft.com/technet/security/...ory/979352.mspx
http://siblog.mcafee.com/cto/operation-%E2...-google-others/
http://www.theregister.co.uk/2010/01/14/cy...sault_followup/

UPDATE : Microsoft has released emergency patch on 21st January.
If you have auto-update enabled, it will be installed automatically. You can also manually download the patch from http://www.microsoft.com/technet/security/...n/ms10-002.mspx
(adding this updated information, in case people get confused about using Internet Explorer after reading this post)

Edited by Romeo29, 22 January 2010 - 08:24 PM.


BC AdBot (Login to Remove)

 


#2 Romeo29

Romeo29

    Learning To Bleep

  • Topic Starter

  • Members
  • 3,194 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:127.0.0.1
  • Local time:12:11 PM

Posted 17 January 2010 - 10:31 PM

German government warns against using MS Explorer

The German government has warned web users to find an alternative browser to Internet Explorer to protect security. The warning from the Federal Office for Information Security comes after Microsoft admitted IE was the weak link in recent attacks on Google's systems.


http://news.bbc.co.uk/2/hi/technology/8463516.stm

#3 Layback Bear

Layback Bear

  • Members
  • 1,880 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Northern Ohio
  • Local time:12:11 PM

Posted 07 February 2010 - 10:47 AM

I just got around to reading this and watching the video from BBC. Hopefully the patch will be here in a coupe of days, (9th Feb). Thanks for keep us informed Romeo29.

#4 Romeo29

Romeo29

    Learning To Bleep

  • Topic Starter

  • Members
  • 3,194 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:127.0.0.1
  • Local time:12:11 PM

Posted 07 February 2010 - 11:21 AM

Layback Bear, Patch was released on 21st January 2010. See the Updated section in post #1.

#5 Layback Bear

Layback Bear

  • Members
  • 1,880 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Northern Ohio
  • Local time:12:11 PM

Posted 07 February 2010 - 11:40 AM

Thanks I missed it. Got it now.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users