Jump to content

Welcome to MSFN Forum
Register now to gain access to all of our features. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more. This message will be removed once you have signed in.
Login to Account Create an Account



Photo

Mass hysteria on the interwebs!

- - - - - XP XPArmageddon 2963983

  • Please log in to reply
50 replies to this topic

#1
-X-

-X-

    Member

  • MSFN Sponsor
  • 2,417 posts
  • Joined 08-January 04
  • OS:XP Pro x86
  • Country: Country Flag

Donator

OMG! It's the XP Armageddon come to fruition! I've been reading with joy since yesterday all across Twittersphere and respectable publications about how yesterdays zero-day IE vulnerability has XP users scre*ed for life.

 

Silly peeps. Just read the dam* advisory and unregister vgx.dll or run EMET or disable Flash or update to the patched Flashed(Not 100% sure on this option) released today. Besides, the current attacks are being perpetrated against Vista, Windows 7 and Windows 8/8.1. NOT XP!

 

:puke:

 

EDIT: Forgot to add: See for yourselves #XP #WindowsXP. Time limited links.


Edited by -X-, 02 May 2014 - 08:43 AM.

Download all Windows XP Post SP3 High-Priority Updates with a simple double click @ xdot.tk post-12166-0-42859000-1399044129.png ]
               If someone helps you fix a problem, please report back so they and others can benefit from the solution. Thanks!



How to remove advertisement from MSFN

#2
dencorso

dencorso

    Iuvat plus qui nihil obstat

  • Supervisor
  • 5,926 posts
  • Joined 07-April 07
  • OS:98SE
  • Country: Country Flag

Donator

I've seen no hysteria whatsoever around the places I use to visit on the 'net.

That must be a twitter/facebook phenomenon, as is usual, of late...

 

Now:

 

MS Security Advisory 2963983
"Vulnerability in IE Could Allow Remote Code Execution"
Published: April 26, 2014

 

IMO, MS already knew this and delayed the advisory to some days after their cherished EoS date, just to add to their FUD.

Deregister vgx.dll for now... an unofficial patch of reliable source will soon be available, I'm sure.

What's this "flashed" fix you mentioned? Is there an unofficial patch already available? If so, where?
 



#3
monroe

monroe

    Friend of MSFN

  • MSFN Sponsor
  • 938 posts
  • Joined 21-May 07
  • OS:XP Pro x86
  • Country: Country Flag

Donator

Same here, I heard or read nothing about this until -X- posted about it. I don't do twitter/facebook so I guess I'm screwed for the future!

 

Anyway, on one of the links that -X- posted there is a link to this article dated April 28th Monday. It seems to be the same old thing ... being careful of strange links and e-mails and I suppose use another browser ... I was using IE8 only for monthly updates, so it sits dormant most of the time.

 

From the article: "It is unknown whether Microsoft will backtrack on its support withdrawal to fix the security hole in Internet Explorer on Windows XP."

 

 

Ditch Internet Explorer on XP, Security Experts Warn

 

More than half of all internet users are vulnerable to a serious security bug that means Windows XP is vulnerable to hackers.

 

http://www.theguardi...ty-experts-warn

 

Serious security vulnerability could allow hackers to take control of a Windows computer through Internet Explorer, from version IE6 onwards.

 

Security experts have urged Windows XP users to change browsers owing to a serious bug in Microsoft’s Internet Explorer that could threaten over half of all internet users.

 

The vulnerability is actively being exploited by hackers, Microsoft has warned, and every active version of Internet Explorer is at risk, including IE 6 to IE 11, Windows XP and Windows RT. The bug could allow hackers to gain access to and hijack a Windows computer, including personal data.

 

Microsoft warned that it was “aware of limited, targeted attacks” currently under way using the security hole in Internet Explorer, which is used by over 55% of internet users globally, according to the latest data from research firm Netmarketshare.

 

'Appropriate action to protect our customers'

 

Microsoft issued security advice over the weekend, saying it was investigating the flaw and will take “appropriate action to protect our customers”, including patching the security hole, originally found by security company FireEye.

 

The flaw affects users of Internet Explorer on multiple Windows software versions, including Windows Vista, 7 and the latest Windows 8. But the biggest threat is posed to the 13-year-old Windows XP, which Microsoft recently withdrew support for and is still used on an estimated 430m computers globally.

 

It is unknown whether Microsoft will backtrack on its support withdrawal to fix the security hole in Internet Explorer on Windows XP.

 

'Don’t panic'

 

“Windows XP users shouldn’t panic, but should certainly be aware of the risk and if at all possible switch to an alternative browser,” Rik Ferguson, vice president of security research at Trend Micro, told the Guardian. “If you aren't going to be switching your operating system any time soon, it would be a good idea to make a permanent switch to another browser. That would make the web-facing portion of your browsing activities one that will be actively updated.”

Warnings over an “XPocalypse”, where a flood of security holes were expected once Microsoft’s security support of Windows XP stopped on 8 April, seem to have been overblown but the risk of using a system that is not updated is still real.

“The fact that we’re seeing a vulnerability that affects Windows XP this soon after support has ended indicates that we’re going to see a trickle of security flaws instead, but a strong trickle at that. Criminals and nation states may well have a stock pile of these bugs but they are very unlikely to unleash them in one go,” Ferguson said.

Take complete control

 

Microsoft’s security note explained that hackers looking to take advantage of the bug to take complete control of a user’s computer via Internet Explorer would require users to view a “specially crafted website”.

 

Microsoft advised users to be careful about clicking on suspicious links that could take them to the hacker’s site when browsing, emailing or chatting via instant messenger. The company also explained a series of work arounds that could help protect users, which include installing a Microsoft tool kit that enhances the security of Internet Explorer.

 

“We encourage customers to follow the suggested mitigations outlined in the security advisory while an update is finalised,” a Microsoft spokesperson told the Guardian.


Edited by monroe, 29 April 2014 - 03:23 AM.


#4
5eraph

5eraph

    Update Packrat

  • MSFN Sponsor
  • 1,159 posts
  • Joined 04-July 05
  • OS:XP Pro x64
  • Country: Country Flag

Donator

[...] or update to the patched Flashed(Not 100% sure on this option) released today.

What's this "flashed" fix you mentioned? Is there an unofficial patch already available? If so, where?


I'm pretty sure -X- meant Adobe Flash Player, which has an unrelated vulnerability.

#5
monroe

monroe

    Friend of MSFN

  • MSFN Sponsor
  • 938 posts
  • Joined 21-May 07
  • OS:XP Pro x86
  • Country: Country Flag

Donator

Finding more links in those twitter postings ... this one is dated April 27th

 

This is from the article and it does not mention IE 8, so I don't know.

 

"Security firm FireEye, which revealed the flaw to Microsoft, says that there's evidence of an active exploit targeting Internet Explorer 9 through 11 and Adobe Flash. All Internet Explorer users, regardless of operating system, have a few choices for avoiding this exploit. The easiest method is to use another browser, like Chrome or Firefox (both of which are currently still supported for Windows XP). If you need to stick with Internet Explorer, Microsoft has published some more advanced methods alongside its service advisory, including enabling Enhanced Protected Mode. Regardless of what you do, it's a good a idea to take some action to make sure you're safe from the exploit."

 

Security flaw puts all Internet Explorer users at risk, exposes Windows XP

 

April 27, 2014

 

http://www.theverge....ts-all-versions

 

 



#6
dencorso

dencorso

    Iuvat plus qui nihil obstat

  • Supervisor
  • 5,926 posts
  • Joined 07-April 07
  • OS:98SE
  • Country: Country Flag

Donator

@5eraph: Thanks a lot! You rock! :yes:



#7
Tripredacus

Tripredacus

    K-Mart-ian Legend

  • Super Moderator
  • 9,892 posts
  • Joined 28-April 06
  • OS:Server 2012
  • Country: Country Flag

Donator

OMG! It's the XP Armageddon come to fruition!


ohnoes.gif
MSFN RULES | GimageX HTA for PE 3-5 | lol probloms
msfn2_zpsc37c7153.jpg

#8
-X-

-X-

    Member

  • MSFN Sponsor
  • 2,417 posts
  • Joined 08-January 04
  • OS:XP Pro x86
  • Country: Country Flag

Donator

XP Users Permanently Vulnerable to New Internet Explorer Exploit

Don't say we didn't warn you. Microsoft ended support for Windows XP earlier this month, meaning any new security holes won't be patched. Well, they've found one, and it's a doozy. Affecting Internet Explorer versions from 6.0 through 11, this bug lets the bad guys execute arbitrary code on your system. As soon as you visit a gimmicked website, you're pwned. Other Windows versions will get patched, but not XP.

 

 

 

http://www.securityw...-to-new-exploit


Edited by -X-, 29 April 2014 - 09:11 AM.

Download all Windows XP Post SP3 High-Priority Updates with a simple double click @ xdot.tk post-12166-0-42859000-1399044129.png ]
               If someone helps you fix a problem, please report back so they and others can benefit from the solution. Thanks!


#9
-X-

-X-

    Member

  • MSFN Sponsor
  • 2,417 posts
  • Joined 08-January 04
  • OS:XP Pro x86
  • Country: Country Flag

Donator

Here's one more. There's more but don't feel like looking right now.

 

Serious Internet Explorer flaw puts XP users especially at risk

We hope that you heeded our advice to finally ditch Windows XP in favor of a more modern operating system, because there's a new security exploit that'll leave stubborn XP users in the cold. In a security alert released on Saturday, Microsoft reports that there's a serious vulnerability in Internet Explorer 6 through 11 that could allow hackers to take over your computer remotely if you happen to visit a malicious website. According to security firm FireEye, it has already found evidence of an attack that targets IE 9 through 11 that uses a well-known Flash exploitation technique to gain access to your computer's memory. Microsoft has already said it plans to roll out an IE security update for all modern versions of Windows, but if you're using XP, well, you're out of luck, as support for that 12-year-old OS ended a few weeks ago.

http://www.engadget....curity-exploit/


Edited by -X-, 29 April 2014 - 09:20 AM.

Download all Windows XP Post SP3 High-Priority Updates with a simple double click @ xdot.tk post-12166-0-42859000-1399044129.png ]
               If someone helps you fix a problem, please report back so they and others can benefit from the solution. Thanks!


#10
submix8c

submix8c

    Inconceivable!

  • Patrons
  • 4,306 posts
  • Joined 14-September 05
  • OS:none specified
  • Country: Country Flag

(sigh...)

http://www.msfn.org/...-users-at-risk/

 

Thx for the further info, though.

 

@Trip - :lol:


Someday the tyrants will be unthroned... Jason "Jay" Chasteen; RIP, bro!

Posted Image


#11
-X-

-X-

    Member

  • MSFN Sponsor
  • 2,417 posts
  • Joined 08-January 04
  • OS:XP Pro x86
  • Country: Country Flag

Donator

It's on the front page of here now. Internet Explorer Exploit Leaves XP Users High and Dry


Edited by -X-, 29 April 2014 - 10:10 AM.

Download all Windows XP Post SP3 High-Priority Updates with a simple double click @ xdot.tk post-12166-0-42859000-1399044129.png ]
               If someone helps you fix a problem, please report back so they and others can benefit from the solution. Thanks!


#12
the xt guy

the xt guy

    Member

  • Member
  • PipPip
  • 102 posts
  • Joined 19-July 06
  • OS:XP Pro x86
  • Country: Country Flag

Donator

What all the panicked chicken-littles' are missing is that, as of right now ALL versions of IE on ALL OS are affected. One article states that the Department of Homeland Security is reccomending that people stop using any version of IE. I'm sure that MS knew of this before April 8 and is going to use this to scare as many off XP as possible.

 

I also see some of the column writers are asking "would MS produce an XP patch for this?" Stupids! MS will be providing an XP patch for the governments etc. who are paying for the pricey post April 8 "custom support".

 

Also interesting to read associated articles about the MSE debacle where the April 15 update of MSE crashed some XP computers and left them unbootable. The only solution at the time was to uninstall MSE. While MS did release a corrected file in a few days, those compnies who now tried to reinstall MSE received error messages, stataing that XP was now an unsupported OS!

 

Between the two issues, it seems as if MS will be using whatever dirty tricks it can conjure up, to force as many as possible off of XP. The warning messages of XP demise delivered via Windows Update and offers of $100 off a new Win 8 PC didn't have the desired effect. MS is going to start playing hardball now.


Edited by the xt guy, 29 April 2014 - 10:30 AM.


#13
submix8c

submix8c

    Inconceivable!

  • Patrons
  • 4,306 posts
  • Joined 14-September 05
  • OS:none specified
  • Country: Country Flag

Two places -

http://www.msfn.org/...execution-r9011

http://www.msfn.org/...h-and-dry-r9012

 

And as I noted in the last link I provided - WOW! Note the links I gave within - the intended target (an assumption on their part?) is NOT "consumers". The Vulnerability is ONLY if you're downright STUPID and click a link to ANYWHERE! I wonder what Malware Defender softwares will do about it (or CAN do)?

 

Funny that this came out AFTER XP was EOS. "QUICK! Dump XP NOW! Disregard the fact that the Marketshare is HIGH! DUMP IT!" FUD galore...

 

edit (@xt guy) -

You mean these about MSE?

http://www.msfn.org/...ls-grab-it-now/

http://www.msfn.org/...ws-xp-machines/

 

--- These MS "treats" keep coming and coming. :w00t:


Edited by submix8c, 29 April 2014 - 10:30 AM.

Someday the tyrants will be unthroned... Jason "Jay" Chasteen; RIP, bro!

Posted Image


#14
bphlpt

bphlpt

    MSFN Addict

  • Member
  • PipPipPipPipPipPipPip
  • 1,798 posts
  • Joined 12-May 07
  • OS:none specified
  • Country: Country Flag

But hey, is persuading XP users to no longer use either MSE or any version of IE really a bad thing?  :)  Sounds like good practice to me.

 

Cheers and Regards


Posted Image


#15
letmeindude

letmeindude
  • Member
  • 2 posts
  • Joined 26-June 11
  • OS:XP Pro x86
  • Country: Country Flag
I don't even have vgx.dll. I have IE6, but I don't use it Anyway, where is my vgx.dll? LOL No, seriouslly they say it affects IE6, but is this really true, because I don't have vgx.dll?

#16
-X-

-X-

    Member

  • MSFN Sponsor
  • 2,417 posts
  • Joined 08-January 04
  • OS:XP Pro x86
  • Country: Country Flag

Donator

Don't have anything running IE6 atm but I presume it's the same location.

paste ->  regsvr32 -u "%CommonProgramFiles%\Microsoft Shared\VGX\vgx.dll" into the run box & press OK


Download all Windows XP Post SP3 High-Priority Updates with a simple double click @ xdot.tk post-12166-0-42859000-1399044129.png ]
               If someone helps you fix a problem, please report back so they and others can benefit from the solution. Thanks!


#17
loblo

loblo

    Oldbie

  • Member
  • PipPipPipPipPip
  • 761 posts
  • Joined 12-January 10
  • OS:ME
  • Country: Country Flag

vgx.dll is generally located in ./program files/common files/microsoft shared/vgx.



#18
letmeindude

letmeindude
  • Member
  • 2 posts
  • Joined 26-June 11
  • OS:XP Pro x86
  • Country: Country Flag
I have used Everything (which searches the whole hard drive, in seconds) and it didn't find vgx.dll. I have also manually looked at common files/microsoft shared/ and there is no vgx folder at all, so ... My installation is nLited, so maybe I've removed something which also removed "vgx" thing. EDIT: Yes, it's nLite, because I've just checked one of my backup images, which has nothing removed and there is "vgx" folder and vgx.dll. Solved, thank you both of you.

#19
j7n

j7n

    Member

  • Member
  • PipPip
  • 283 posts
  • Joined 18-December 06
  • OS:XP Pro x86
  • Country: Country Flag
I do have VGX.DLL on my XP system with MSIE 6. According to the properties, this file implements Vector Graphics Rendering (VML), which is of no use to me, because it apparently is entirely separate from SVG, which the browser doesn't display anyway.

Even though I don't "use" MSIE6 to browse web pages, a HTML window is often included, in my opinion unnecessarily, into applications that are not browsers such as the WinRAR Self Extractor, to display formatted text or a license agreement. I suppose some of the browser's vulnerabilities could also be executed there.

Turns out there still is a reason to hate Internet Explorer. But the people in power can of course twist the reality and turn the hate towards XP.

I believe in the offline installer for Internet Explorer (at least 5 and 5.5), the VML component could just be unselected. I remember doing that before because I didn't recognize what it was for. Now of course, the standard is to install all components, thus expanding the attack surface.

Edited by j7n, 29 April 2014 - 03:42 PM.


#20
TrevMUN

TrevMUN

    Junior

  • Member
  • Pip
  • 53 posts
  • Joined 26-March 14
  • OS:XP Pro x64
  • Country: Country Flag

Turns out there still is a reason to hate Internet Explorer. But the people in power can of course twist the reality and turn the hate towards XP.

 

They and the throng of shills buying into the FUD campaign, yeah.

 

"Don't say we didn't warn you! This is why you should have listened to us when we said buy the latest Windows version!!!"

... never mind that there are many other browser alternatives or that all versions of IE are presently vulnerable to the exploit ...



#21
dencorso

dencorso

    Iuvat plus qui nihil obstat

  • Supervisor
  • 5,926 posts
  • Joined 07-April 07
  • OS:98SE
  • Country: Country Flag

Donator

And, BTW, were it so dire, where, pray, is the out-of-band Security Update for those OSes not on EoS (POSReady 2009 and Win 2k3 among them)? I said it before: FUD... but I can say it again: FUD!



#22
jaclaz

jaclaz

    The Finder

  • Developer
  • 14,562 posts
  • Joined 23-July 04
  • OS:none specified
  • Country: Country Flag

... but I can say it again: FUD!

You are not very convincing :w00t:, you should SHOUT: FUD!

 

 

jaclaz



#23
TELVM

TELVM

    Advanced Member

  • Member
  • PipPipPip
  • 303 posts
  • Joined 09-February 12
  • OS:Windows 7 x64
  • Country: Country Flag

AG3OkJxp.png



#24
the xt guy

the xt guy

    Member

  • Member
  • PipPip
  • 102 posts
  • Joined 19-July 06
  • OS:XP Pro x86
  • Country: Country Flag

Donator

Another laugh for the day...article entitled 'Windows XP is a much gereater risk than heartbleed'

http://www.techrepub...han-heartbleed/

Quote from article above: "Keanini summed it up the pervasive threat of Windows XP: "Hunt down expired versions of XP and terminate it!"

So if one night you see a mob outside your window, carrying torches and pitchforks...you've been forewarned

Edited by the xt guy, 30 April 2014 - 12:46 PM.


#25
jaclaz

jaclaz

    The Finder

  • Developer
  • 14,562 posts
  • Joined 23-July 04
  • OS:none specified
  • Country: Country Flag

Another laugh for the day...article entitled 'Windows XP is a much gereater risk than heartbleed'

http://www.techrepub...han-heartbleed/

 

I am surprised Tony Bradley (WHO?!?) 

Full Bio

Tony Bradley is a principal analyst with Bradley Strategy Group. He is a respected authority on technology, and information security. He writes regularly for Forbes, and PCWorld, and contributes to a wide variety of online and print media outlets. He has authored or co-authored a number of books, including Unified Communications for Dummies, Essential Computer Security, and PCI Compliance.

 

And:

http://bradleystrate...out/who-we-are/

 

 

has failed to talk (besides with Mr. TK Keanini, Mr. Tim Erlin and Mr. Scott Kinka) with the reknown expert Armand Gracious :unsure:

http://www.msfn.org/...83-experts-say/

 

;)

 

jaclaz







Also tagged with one or more of these keywords: XP, XPArmageddon, 2963983

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users