Jump to content

Welcome to MSFN Forum
Register now to gain access to all of our features. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more. This message will be removed once you have signed in.
Login to Account Create an Account


Photo

Internet Explorer bug puts quarter of web users at risk

- - - - -

  • Please log in to reply
4 replies to this topic

#1
LostInSpace2012

LostInSpace2012

    Senior Member

  • Member
  • PipPipPipPip
  • 520 posts
  • OS:ME
  • Country: Country Flag

Donator

http://www.dailymail...XP-browser.html

Microsoft Corp is rushing to fix a bug in its widely used Internet Explorer web browser after a computer security firm disclosed the flaw over the weekend, saying hackers have already exploited it in attacks on some U.S. companies.

Microsoft disclosed on Saturday its plans to fix the bug, which targets Internet Explorer versions 9 through 11.

Those versions take up 26.25 percent of the browser market, according to FireEye, the cybersecurity software company that caught the bug.

The bug, however, reportedly affects versions 6 through 11. Together, those versions dominate desktop browsing, accounting for 55 percent of the PC browser market, according to tech research firm NetMarketShare.

PCs running Windows XP will not receive any updates fixing that bug when they are released, however, because Microsoft stopped supporting the 13-year-old operating system earlier this month.

Security firms estimate that between 15 and 25 percent of the world's PCs still run Windows XP.

FireEye Inc said that a sophisticated group of hackers have been exploiting the bug in a campaign dubbed 'Operation Clandestine Fox.'

FireEye, whose Mandiant division helps companies respond to cyber attacks, declined to name specific victims or identify the group of hackers, saying that an investigation into the matter is still active. It described the hackers as 'extremely proficient at lateral movement' and 'difficult to track.'

'It's a campaign of targeted attacks seemingly against U.S.-based firms, currently tied to defense and financial sectors,' FireEye spokesman Vitor De Souza said via email. 'It's unclear what the motives of this attack group are, at this point. It appears to be broad-spectrum intel gathering.'

He declined to elaborate, though he said one way to protect against them would be to switch to another browser.

Microsoft said in the advisory that the vulnerability could allow a hacker to take complete control of an affected system, then do things such as viewing changing, or deleting data, installing malicious programs, or creating accounts that would give hackers full user rights.

FireEye and Microsoft have not provided much information about the security flaw or the approach that hackers could use to figure out how to exploit it, said Aviv Raff, chief technology officer of cybersecurity firm Seculert.

Yet other groups of hackers are now racing to learn more about it so they can launch similar attacks before Microsoft prepares a security update, Raff said.

'Microsoft should move fast,' he said. 'This will snowball.'

Still, he cautioned that Windows XP users will not benefit from that update since Microsoft has just halted support for that product.

The software maker said in a statement to Reuters that it advises Windows XP users to upgrade to one of two most recently versions of its operating system, Windows 7 or 8.


XP users set to miss out on IE patch
http://www.zdnet.com...tch-7000028820/

Edited by LostInSpace2012, 28 April 2014 - 06:34 AM.



How to remove advertisement from MSFN

#2
vinifera

vinifera

    <°)))><

  • Member
  • PipPipPipPipPip
  • 954 posts
  • OS:Windows 7 x86
  • Country: Country Flag

thats why you DON'T use IE in 1st place


If you want true Windows user experience
try Longhorn builds: 3718, 4029, 4066

#3
Tripredacus

Tripredacus

    K-Mart-ian Legend

  • Super Moderator
  • 9,706 posts
  • OS:Server 2012
  • Country: Country Flag

Donator

So are they saying that an XP PC will receive no updates at all, even for the software that is installed? I always figured that IE and Office updates could potentially still show up, even if no OS updates were being made.


MSFN RULES | GimageX HTA for PE 3.x | lol probloms
msfn2_zpsc37c7153.jpg

#4
submix8c

submix8c

    Inconceivable!

  • Patrons
  • 4,194 posts
  • OS:none specified
  • Country: Country Flag

Agreed!

 

However (from above)

 

It's a campaign of targeted attacks seemingly against U.S.-based firms, currently tied to defense and financial sectors

of which the "common user" is not.

 

But 2nd link

 

"An attacker could host a specially crafted website that is designed to exploit this vulnerability through Internet Explorer and then convince a user to view the website."

So just don't "go there". ;)

 

Strange wording for this vulnerability, isn't it?

 

edit (@Trip) - That appears to be what they're saying. BUT, maybe there's a possibility since Server 2003 also "comes with IE6" that perhaps it can be obtained and cross-installed? :unsure:


Edited by submix8c, 28 April 2014 - 08:27 AM.

Someday the tyrants will be unthroned... Jason "Jay" Chasteen; RIP, bro!

Posted Image


#5
larryb123456

larryb123456

    Confused but Happy

  • Member
  • PipPipPipPipPip
  • 708 posts
  • OS:Windows 7 x86
  • Country: Country Flag

Donator

I'm sorry, LostInSpace2012, et al,

but I just don't understand what the reasons for concern are.

 

As everyone knows, *all* of Microsoft's products are infallible,

and this latest so-called "problem"

will turn out to be a blessing in disguise for all mankind,

I'm sure.

 

Larry


Edited by larryb123456, 28 April 2014 - 10:11 AM.

new_MSFN_static_signature.jpg

 

" What we achieve inwardly will change outer reality."  Plutarch

 

 

 





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users



How to remove advertisement from MSFN