Microsoft Races To Fix Massive Internet Explorer Hack

crabby3:
I just heard about this yesterday.  This site explains a couple of workarounds.

http://www.forbes.com/sites/gordonkelly/2014/04/28/microsoft-races-to-fix-massive-internet-explorer-hack-no-fix-for-windows-xp-leaves-1-in-4-pcs-exposed/

It appears XP users are basically screwed.   :(

TaoPhoenix:
I just heard about this yesterday.  This site explains a couple of workarounds.

http://www.forbes.com/sites/gordonkelly/2014/04/28/microsoft-races-to-fix-massive-internet-explorer-hack-no-fix-for-windows-xp-leaves-1-in-4-pcs-exposed/

It appears XP users are basically screwed.   :(
-crabby3 (April 29, 2014, 09:31 AM)
--- End quote ---

People wanna comment? Is this massive!?

crabby3:
I just heard about this yesterday.  This site explains a couple of workarounds.

http://www.forbes.com/sites/gordonkelly/2014/04/28/microsoft-races-to-fix-massive-internet-explorer-hack-no-fix-for-windows-xp-leaves-1-in-4-pcs-exposed/

It appears XP users are basically screwed.   :(
-crabby3 (April 29, 2014, 09:31 AM)
--- End quote ---

People wanna comment? Is this massive!?


-TaoPhoenix (April 29, 2014, 11:35 AM)
--- End quote ---

I thought it would have already been posted.  Not many IE users I guess?   :huh:

Stoic Joker:
It appears XP users are basically screwed.
-crabby3 (April 29, 2014, 09:31 AM)
--- End quote ---

No, just the ones that read Forbes and believe its over-the-top sensationalized version of the news.

Let's start with the title:

Microsoft Races To Fix Massive Internet Explorer Hack: No Fix For Windows XP Leaves 1 In 4 PCs Exposed
-Forbes
--- End quote ---

This is simply bullshit. It's the same size hole as any other phishing scam level attack vector...and just as easy to spot.

FireEye also revealed a sophisticated hacker group has already been exploiting the flaw in a campaign dubbed ‘Operation Clandestine Fox’, which targets US military and financial institutions.
-Forbes
--- End quote ---

...And by that I'll just assume it to mean the NSA has found a method/reason/excuse to rummage through their sister agency's knickers drawer.

FireEye spokesman Vitor De Souza declined to name the hackers or potential victims as the investigation is ongoing, only telling Reuters: “It’s unclear what the motives of this attack group are at this point. It appears to be broad-spectrum intel gathering.”
-Forbes
--- End quote ---

 :-\ I'll just go with world domination by the NSA here ... It's what everybody with any sense is thinking already anyhow.


For its part Microsoft has confirmed the existence of the flaw in an official post. It gave limited information on the bug, but admitted “an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.”
-Forbes
--- End quote ---

Oh FFS, they did not! The exploit gives the same rights that are assigned to the current user. If the user ain't an admin then neither is the bug. Standard security practice here folks...there are reasons for them.


A Temporary Fix
While Microsoft rushes to fix the bug, FireEye gave concerned users two workarounds.

1. Use another web browser other than Internet Explorer
2. Disable Adobe Flash. “The attack will not work without Adobe Flash,” it said. “Disabling the Flash plugin within IE will prevent the exploit from functioning.”
-Forbes
--- End quote ---

While not the worst advice I've seen, it is still again total bullshit! Flash is the most common target but CERT maintains that other file types can be used in the same fashion. That's why it's an IE bug, and not a Flash bug. But hey...no reason to keep the facts straight or anything. Because driving off a cliff is perfectly safe as long as you do it backwards, right? Wrong!!!


The remaining drivel is just more idiotically panic toned RUN FOR YOUR LIVES!!!!!!!!!!!!!!!!!!!!! crap directed squarely at XP users ... Even though all MS OS's are equally as vulnerable as their security is configured.

The same basic sound security practices that "work" for Windows 8.1 will still work for XP.

The MS Enhanced Mitigation Experience Toolkit

40hz:
+1 w/Stoic - Once again some breathless reporting directed at the clueless from people that should know enough to do a little more research and editing prior to rushing their article into print.

This is yet another remote code execution vulnerability. It doesn't do anything by itself. In order to be exploited, the IE user needs to be convinced to browse over to a website containing code that's set up to take advantage of the vulnerability. This is nothing new.

It happens. It gets identified. It gets plugged. As all 'zero-days' eventually do. It's all in a day's work for network and security people.

I'm not sure why Forbes felt the need to get so breathless over this one. I guess there's still some residual angst left over from the Mask/Careto story that Forbes is hoping to piggyback on.

 :-\
