Like Tree1Likes
  • 1 Post By hackerman1

Thread: New 0-day vulnerability in Internet Explorer !

  1. #1
    hackerman1 is offline Moderator
    Join Date
    Dec 2008
    Location
    Sweden
    Posts
    1,525

    Default New 0-day vulnerability in Internet Explorer !

    Microsoft Security Advisory 2963983

    Vulnerability in Internet Explorer Could Allow Remote Code Execution

    "Microsoft is aware of limited, targeted attacks that attempt to exploit a vulnerability in Internet Explorer 6, Internet Explorer 7, Internet Explorer 8, Internet Explorer 9, Internet Explorer 10, and Internet Explorer 11.

    The vulnerability is a remote code execution vulnerability.
    The vulnerability exists in the way that Internet Explorer accesses an object in memory that has been deleted or has not been properly allocated.
    The vulnerability may corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user within Internet Explorer.
    An attacker could host a specially crafted website that is designed to exploit this vulnerability through Internet Explorer and then convince a user to view the website.
    "
    https://technet.microsoft.com/en-US/...curity/2963983


    "Mitigation
    Using EMET may break the exploit in your environment and prevent it from successfully controlling your computer.
    EMET versions 4.1 and 5.0 break (and/or detect) the exploit in our tests.
    Enhanced Protected Mode in IE breaks the exploit in our tests.
    EPM was introduced in IE10.
    Additionally, the attack will not work without Adobe Flash.
    Disabling the Flash plugin within IE will prevent the exploit from functioning.
    "
    New Zero-Day Exploit targeting Internet Explorer Versions 9 through 11 Identified in Targeted Attacks | FireEye Blog


    Microsoft releases Security Advisory 2963983 - MSRC - Site Home - TechNet Blogs

    http://krebsonsecurity.com/2014/04/m...n-ie-zero-day/
    Last edited by hackerman1; 28th April 2014 at 06:51.
    HappyAndyK likes this.

  2. #2
    HappyAndyK's Avatar
    HappyAndyK is offline Site Administrator
    Join Date
    Jun 2008
    Posts
    7,257

    Default

    Posted about this on TWCN. This sure could mean trouble for Windows XP users.

  3. #3
    hackerman1 is offline Moderator
    Join Date
    Dec 2008
    Location
    Sweden
    Posts
    1,525

    Default

    Quote Originally Posted by HappyAndyK View Post
    Posted about this on TWCN. This sure could mean trouble for Windows XP users.
    Hi Andy !

    Yes, I looked at your post.
    But, the title: "Critical zero-day vulnerability in Internet Explorer exposes Windows XP to risks " is very misleading.
    You should consider changing it.

    Why ?
    Because if a user takes just a quick look at your post they get the impression that this affects only XP.
    So if they are not using XP they might stop reading, ignoring the important information.

    All operating systems with those versions of IE are affected.
    Not just XP.
    But there will be no fix for XP....
    Last edited by hackerman1; 28th April 2014 at 17:37.

  4. #4
    HappyAndyK's Avatar
    HappyAndyK is offline Site Administrator
    Join Date
    Jun 2008
    Posts
    7,257

    Default

    This has been explained in the post:

    Microsoft is expected to release a patch for this vulnerability very soon. But it will be available for supported operating systems. It will not be available for Windows XP as this operating system is no longer supported. This will leave Windows XP users exposed to risks.

  5. #5
    hackerman1 is offline Moderator
    Join Date
    Dec 2008
    Location
    Sweden
    Posts
    1,525

    Default

    Quote Originally Posted by HappyAndyK View Post
    This has been explained in the post:

    Microsoft is expected to release a patch for this vulnerability very soon. But it will be available for supported operating systems. It will not be available for Windows XP as this operating system is no longer supported. This will leave Windows XP users exposed to risks.


    Yes, but as I said above: the title is misleading.
    Those not using XP might not read the post, as they see XP in the title and then thinks it doesn´t concern them.
    They will not see the explanation...
    Last edited by hackerman1; 29th April 2014 at 04:06.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Log in

Log in

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22