Feeds

back to article Microsoft scrambles to thwart new Internet Explorer 0-day attack

Microsoft has pushed out a temporary fix to defend against a zero-day vulnerability that surfaced in attacks launched last week. The security flaw (CVE-2012-4792) - which affects IE 6, 7 and 8 but not the latest versions of Microsoft's web browser software - allows malware to be dropped onto Windows PCs running the vulnerable …

COMMENTS

This topic is closed for new posts.
Silver badge
Windows

> allows malware to be dropped onto Windows PCs running the vulnerable software

Sure it isn't simply a TIFKAM install?

3
1
Silver badge
Meh

Temporary fix notice from Microsoft = DON'T USE IT!

1
2
Silver badge
Meh

I think you'll find that's a Debian temporary notice.

I've had quite a collection of those over the last eight years or so. MS usually give you something rather than rely on "hey, it was free, you can fucking wait".

4
10

This post has been deleted by a moderator

Silver badge

Re: @Dogged

You sometimes wait but usually no more than a month at the very latest.

FOSS has the issue that a volunteer fixes the issue and you can't really complain about delays, whereas Apple simple deny that any problem exists.

These are the Reg forums, I can swear all I like. And I wasn't trolling; I've kept Debian boxes as webservers of choice for years.

There's nothing to report you for here. However, I believe I'm totally within the House Rules in calling you an unbearable little prick.

18
2
Anonymous Coward

Re: @Dogged

You got caught out breaking the rules, after repeated doing it and repeatedly being asked not to. Don't dress it up as someone else's problem.

0
0
Thumb Down

IE6 / 7

Surely no-one uses Internet Explorer 6 or 7 these days. Surely!

Ah... except the company which *I* work for still does.

2
0

This post has been deleted by a moderator

Silver badge
Boffin

Re: IE6 / 7

People using decades old technology! Grrr!

They are the bane of my existence. Upgrade you Luddites!

1
1
Meh

Re: IE6 / 7

decades old software that works better than new and would cost millions to replace.

Analysis of risk vs cost = why I'm employed

Talk about bane of my existence = f*cking legacy Java apps

0
0

Another one of these bugs that been around for years and never found.

0
0
WTF?

Erm...

...given it's previous sterling security history who still uses Internet Explorer, irrespective of the version? Oh wait, it's those companies/governments who were fucked over with their "bespoke" [read: oh shit my eggs are all in one non standards compliant basket] applications.

On another (kind of related) note, I can't wait to ditch Windows for gaming. Come on Mr Newell, get your bloody finger out!

0
0
Go

Re: Erm...

>On another (kind of related) note, I can't wait to ditch Windows for gaming. Come on Mr Newell, get your >bloody finger out!

Steam for Linux is in open beta with Team Fortress 2 available for download.

0
0

Re: Erm...

Yeah, Team Fortress is good but it's a little old. I realise small steps are required but I would like to see some AAA titles (like Dishonoured) and while I also realise this is down to the game devs themselves, I just hope that Valve are pushing it hard. Personally, I don't want to be forced to use Microsoft products, any longer.

0
0
Coat

Re: Erm...

I spoke with some of the guys I work with.

They list their only use for Microsoft Explorer outside of company mandated usage is to act as an initial tool for downloading a copy of Chrome, Mozilla or Opera.

What a thing!

1
0

This post has been deleted by a moderator

Silver badge

Re: IE zero day exploit

quote: "As I say to my friends, when surfing the net, stick to Firefox, chrome or even opera. IE should be banned as it is little more than a background malware installer with dodgy W3C compliance."

I understand what you are trying to say, however when most of the world use "Firefox, chrome or even opera", then malware will be actively targeting zero-days for Firefox, chrome or even opera, instead of IE.

You can get the Flash plugin for Firefox. Youtube wants users to install Flash when viewed in Firefox. Hello there, malware vector for Firefox, since most users will "just want to look at Youtube and Facebook" and therefore even have NoScript (assuming it's installed at all, since it does not install by default with Firefox) set to allow all on those sites.

You need to include user education in with a swap to an alternate browser, otherwise you're just delaying the malware inevitable :'(

1
0
Facepalm

Re: IE zero day exploit

As I say to my friends, stick to automatic updates and the latest version, and no I can't repair your microwave.

3
1
Silver badge
Facepalm

Re: IE zero day exploit

>I understand what you are trying to say, however when most of the world use "Firefox, chrome or even opera", then malware will be actively targeting zero-days for Firefox, chrome or even opera, instead of IE.

Wow somebody has been living in a hole for the last several years. IE's days of even being the majority browser are long behind it. Noobs and even grandma have gotten the memo. And yes baddies do target the other browsers (with Chrome exploits being especially valuable) but since they largely by default were built for security instead of eliminating rivals so they worry less about things like ActiveX exploits or having unnecessary privileged access to the OS itself.

http://gs.statcounter.com/

3
2

Corporate slowness

They are just starting to role out Windows 7 where I work. That will be with IE8. They are usually behind loading patches, and most likely won't update IE8 to IE9 anytime soon.

1
1
Anonymous Coward

Re: Corporate slowness

Ditto here, only government.

There are critical financial apps which "haven't been tested for compatibility with IE9 or above" and therefore no one wants to jump into an upgrade to the non-vulnerable versions of IE. And of course since IE9 isn't standard on the boxes, the finance apps devs don't want to waste time testing to a version that isn't used. Grrr!!!!!!

0
0

IIRC you can't use any IE version above 8 on XP so best just sit tight if you're one of the many thousands of companies still using it until another stable version hits the shelves.

0
0
Silver badge

I'm shocked!!

I'm very shocked. There is a vulnerability in IE? And it existed back to IE6?

Shocked, I say, shocked!

Of course there are people who insist on wanting IE for all the wrong reasons, and having just talked to a business owner who must use it, a (drum roll) payroll program. Go figure.

He also does stats on what type of browser is used for his web site, and (drum roll) IE wins again. So, yes users ARE stupid!

0
0
Silver badge
Coat

Re: I'm shocked!!

Being a bit of a conservative type, I don't really play around with Microsoft much. However, it certainly sounds like IE can be very exciting, and that does have a certain appeal.

0
0
Bronze badge

Another Flash exploit.

I run a number of different browsers, but apperently this doesn't effect me because I use IE with EMET.

However, I see that it also doesn't effect me because, on work computers, I do not have Flash installed. Is there a current (zero day) exploit using something other than Flash to exploit this bug?

0
0
This topic is closed for new posts.