Internet Explorer browser security flaw


7 replies to this topic

#1 jhayz


Posted 28 April 2014 - 10:20 PM

Here’s a description of the flaw according to Microsoft’s Tech Security Center:

The vulnerability is a remote code execution vulnerability. The vulnerability exists in the way that Internet Explorer accesses an object in memory that has been deleted or has not been properly allocated. The vulnerability may corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user within Internet Explorer. An attacker could host a specially crafted website that is designed to exploit this vulnerability through Internet Explorer and then convince a user to view the website.

 

 

http://www.buzzfeed.com/charliewarzel/a-new-internet-explorer-security-flaw-leaves-one-quarter-of


Tekken
 



#2 buddy215


Posted 29 April 2014 - 11:39 AM

Homeland Security is advising not to use IE.

"We are currently unaware of a practical solution to this problem," the Department of Homeland Security's United States Computer Emergency Readiness Team said in a post Monday morning.

It recommended that users and administrators "consider employing an alternative Web browser until an official update is available."

 

FireEye first reported the vulnerability. It says....

"The attack will not work without Adobe Flash," FireEye said. "Disabling the Flash plugin within IE will prevent the exploit from functioning."

While the bug affects all versions of Internet Explorer 6 through 11 it is currently targeting IE9 and IE10, FireEye stated. FireEye said the hackers exploiting the bug are calling their campaign "Operation Clandestine Fox."

 

Symantec says.... Rather than directly reach out to a victim, the hackers inject their code into a "normal, everyday website" that the victim visits, he said. Code hidden on the site then infects their computers.

"It's called a watering-hole attack because if you're a lion, you go to the watering hole because you know that's where the animals go to drink."

 

IE 6 thru 11 are vulnerable. XP users will not receive a patch from Microsoft....


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.” Lawrence M. Krauss

A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”


#3 hispaladin


Posted 30 April 2014 - 10:15 AM

Does anyone know a site where someone such as myself can go to keep up to date on new threats like this?  My company is just now starting to take computer security seriously and I would kinda like to keep on my toes about what is coming.



#4 buddy215


Posted 30 April 2014 - 10:30 AM

Many sources on the web such as these two:

InfoSec News Summary - Internet Security | SANS ISC

Security reviews, how to advice, and news




#5 hispaladin


Posted 30 April 2014 - 10:31 AM

Thanks for those, will check them out and bookmark them right away.



#6 chasek929


Posted 01 May 2014 - 10:13 AM

How can I tell if a computer has been affected by this exploit? Is there a scanner I can run?



#7 Stolen


Posted 01 May 2014 - 10:48 AM

Hello chasek929

 

I do not believe there is a 'scanner' for this issue. As I understand it, anyone who uses Internet Explorer is affected. 

 

The critical vulnerability was discovered in Internet Explorer versions 6, 7, 8, 9, 10 and 11, and Microsoft has not yet provided a solution or patch to resolve the issue.

 

In order to protect your data and systems, you should always be aware of questionable emails and links on websites as well as ensure you have good protection measures in place for your computer (enabling a firewall, updating software and virus definitions, installing antimalware and antivirus software).

 

There are also other browsers you can use such as Chrome, Firefox, Opera, etc.

 

Keep checking back here for any updates regarding solutions. 



#8 ITGeekGirl


Posted 01 May 2014 - 03:48 PM

So apparently Microsoft is going to support the OS they swore they were done supporting because of this issue.

 

http://www.reuters.com/article/2014/05/01/us-cybersecurity-microsoft-browser-idUSBREA3Q0PB20140501?feedType=RSS&feedName=topNews

 

*cough*enablers*cough*


Edited by ITGeekGirl, 01 May 2014 - 03:48 PM.




