Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

New hole in Internet Explorer already under attack to hijack PCs


  • Please log in to reply
17 replies to this topic

#1 NickAu

NickAu

    Bleepin' Fish Doctor


  • Moderator
  • 11,708 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:127.0.0.1 Australia
  • Local time:06:50 AM

Posted 28 April 2014 - 04:12 AM

Internet Explorer 6 through 11 are all at risk, on all current versions of Windows from Vista to 8 and Windows Server 2003 to 2012 R2. The bug is thought to be present in IE on Windows XP, although that operating system is no longer supported.

http://www.theregister.co.uk/2014/04/27/oops_we_did_it_again_microsoft_warns_of_ie_zero_day/


Edited by NickAu1, 28 April 2014 - 04:15 AM.


BC AdBot (Login to Remove)

 


m

#2 x64

x64

  • Members
  • 352 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London UK
  • Local time:07:50 PM

Posted 28 April 2014 - 07:07 AM

 

Internet Explorer 6 through 11 are all at risk, on all current versions of Windows from Vista to 8 and Windows Server 2003 to 2012 R2. The bug is thought to be present in IE on Windows XP, although that operating system is no longer supported.

http://www.theregister.co.uk/2014/04/27/oops_we_did_it_again_microsoft_warns_of_ie_zero_day/

 

The fact that Windows 2003 is in that list, pretty much confirms that XP would be if it was still supported.

 

Without this, XP would probably have been as protectected had recently been through until the next patch Tuesday (13th May), but this brings its final party to an end two weeks earlier than that.(I suppose that some might argue that if they don't use IE for browsing and don't have it set as the default web browser, then they can eek a little more lifeout of the old beast - however given the reliance that XP and Office have on IE components, that is d dodgy strategy)

 

x64



#3 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,581 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:02:50 PM

Posted 28 April 2014 - 03:49 PM

Windows XP users should have installed and started using an alternate browser at this point. Since Microsoft ended support and XP can only use an outdated Internet Explorer browser...there really is no reason to continue to use it.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#4 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,581 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:02:50 PM

Posted 28 April 2014 - 05:38 PM

More info here.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#5 Crazy Cat

Crazy Cat

  • Members
  • 808 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Lunatic Asylum
  • Local time:07:50 AM

Posted 28 April 2014 - 07:57 PM

Ditch Internet Explorer on XP, security experts warn. http://www.theguardian.com/technology/2014/apr/28/internet-explorer-xp-security-experts-warn

Microsoft is aware of limited, targeted attacks that attempt to exploit a vulnerability in Internet Explorer 6, Internet Explorer 7, Internet Explorer 8, Internet Explorer 9, Internet Explorer 10, and Internet Explorer 11. https://technet.microsoft.com/en-US/library/security/2963983
 

Two things are infinite: the universe and human stupidity; and I'm not sure about the universe. ― Albert Einstein ― Insanity is doing the same thing, over and over again, but expecting different results.

 

InternetDefenseLeague-footer-badge.png


#6 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,581 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:02:50 PM

Posted 28 April 2014 - 08:19 PM

IE6 was the default browser that shipped with Windows XP back in 2001...I can't believe anyone is still using it but some folks are just clueless. :wink:
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#7 technonymous

technonymous

  • Members
  • 2,468 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:50 AM

Posted 30 April 2014 - 03:38 AM

I keep trying to get the realtor office to realize lol.



#8 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,581 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:02:50 PM

Posted 30 April 2014 - 06:20 AM

"You can enlighten someone with knowledge but you can’t make them use it....some folks just have to learn the hard way"
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#9 x64

x64

  • Members
  • 352 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London UK
  • Local time:07:50 PM

Posted 01 May 2014 - 12:43 PM

Well I never!.. Microsoft will patch XP on this occasion as well...

 

http://blogs.technet.com/b/msrc/archive/2014/05/01/out-of-band-release-to-address-microsoft-security-advisory-2963983.aspx

 

x64

 

(Link fixed - thks xXToffeeXx)


Edited by x64, 01 May 2014 - 01:08 PM.


#10 xXToffeeXx

xXToffeeXx

    Bleepin' Polar Bear


  • Malware Response Instructor
  • 6,015 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The Arctic Circle
  • Local time:07:50 PM

Posted 01 May 2014 - 12:53 PM

Your link leads to this topic by the way.

 

It's definitely good Microsoft will patch XP.

 

xXToffeeXx~


~If I am helping you and you have not had a reply from me in two days, please send me a PM~

~Currently in my last year of school, so replies might be more delayed~

 

logo-25.pngID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic] - If we have helped you out and you want to support what we do, you can do so here

 

 ~Twitter~ | ~Malware Analyst at Emsisoft~


#11 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,581 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:02:50 PM

Posted 01 May 2014 - 04:54 PM

The majority of customers have automatic updates enabled and will not need to take any action because protections will be downloaded and installed automatically...We have made the decision to issue a security update for Windows XP users.

TechNet Blog does not say if XP users must manually download and install or if it will be available via automatic updates.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#12 palerider2

palerider2

  • Members
  • 133 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:50 AM

Posted 01 May 2014 - 05:50 PM

Well I never!.. Microsoft will patch XP on this occasion as well...

 

 

I guess Microsoft thought that XP would last a little bit longer than 2 weeks before a new vulnerability arose. It will be interesting to see if they patch the next one if it crops up sooner rather than later.

 

If people are being warned about IE problems in national newspapers you'd think that was high enough profile for them to notice and then at least use a different free browser. For some folk that's a big learning curve though and it may come down to getting someone else to install the free browser for them.

 

I recall the last time I used IE, probably IE8, back in 2009. Massive security problems existed but there wasn't any high-profile coverage at that time.


Edited by palerider2, 01 May 2014 - 05:51 PM.


#13 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,581 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:02:50 PM

Posted 01 May 2014 - 06:08 PM

Microsoft has said that the Malicious Software Removal Tool (MSRT) will continue to be updated and deployed via Windows Update through July 14, 2015. Microsoft advised they are doing this to have a weapon available in case massive malware outbreaks hit Windows XP users after support ends. MSRT, however, does not fix IE or OS vulnerabilities.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#14 palerider2

palerider2

  • Members
  • 133 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:50 AM

Posted 01 May 2014 - 06:33 PM

Microsoft has said that the Malicious Software Removal Tool (MSRT) will continue to be updated and deployed via Windows Update through July 14, 2015. Microsoft advised they are doing this to have a weapon available in case massive malware outbreaks hit Windows XP users after support ends. MSRT, however, does not fix IE or OS vulnerabilities.

 

I didn't know that. But it makes sense. Imagine if several hundred thousand PCs could be infected and directed to perform a DOS attack once XP goes out of support. Anyone with a web service must be thinking: how do we defend against that ? But the risk will reduce over time as people quit using XP on their internet-connected PCs.



#15 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,581 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:02:50 PM

Posted 01 May 2014 - 06:39 PM

The link to that info is here: Microsoft retains weapon to silently scrub XP
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users