homepage Welcome to WebmasterWorld Guest from 54.145.172.149
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Become a Pro Member

Home / Forums Index / Browsers / Microsoft Internet Explorer
Forum Library, Charter, Moderator: open

Microsoft Internet Explorer Forum

    
New Vulnerability Found in Every Single Version of Internet Explorer
bill

WebmasterWorld Administrator bill us a WebmasterWorld Top Contributor of All Time 10+ Year Member Best Post Of The Month



 
Msg#: 4666376 posted 1:38 am on Apr 28, 2014 (gmt 0)

http://gizmodo.com/new-vulnerability-found-in-every-single-version-of-inte-1568383903/+whitsongordon [gizmodo.com]

New Vulnerability Found in Every Single Version of Internet Explorer

According to a confirmation by Microsoft [technet.microsoft.com] late last night, a new zero day vulnerability has been found to affect every version of Internet Explorer. In other words—over a quarter of the entire browser market.

Attacks taking advantage of the vulnerability are largely targeting IE versions 9, 10, and 11 in something called a "use after free" attack. Essentially, the attack corrupts data as soon as memory has been released, most likely after users have been lured to phony websites.


If you're on XP you're out of luck. This is another reminder that if you're still using that OS you shouldn't be using IE.

For the rest of us, Microsoft is expected to release an out-of-cycle security patch to address this.

 

engine

WebmasterWorld Administrator engine us a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month Best Post Of The Month



 
Msg#: 4666376 posted 10:53 am on Apr 28, 2014 (gmt 0)

Oh, this is bad news for users of IE, and not good news for Microsoft.

lammert

WebmasterWorld Senior Member lammert us a WebmasterWorld Top Contributor of All Time 5+ Year Member



 
Msg#: 4666376 posted 4:02 pm on Apr 28, 2014 (gmt 0)

The problem is present in IE versions 6 to 11, being the first vulnerability not to be patched in Windows XP. Maybe it works as a wake-up call for people still using XP to access the Internet. For those not willing or able to upgrade their OS, changing to another browser like Chrome or Firefox can be a temporary solution to circumvent vulnerabilities like this one in IE, although it won't protect against vulnerabilities in the OS itself.

bill

WebmasterWorld Administrator bill us a WebmasterWorld Top Contributor of All Time 10+ Year Member Best Post Of The Month



 
Msg#: 4666376 posted 1:44 am on Apr 29, 2014 (gmt 0)

Now we have the U.S. & U.K. governments telling people to stop using Internet Explorer...

http://www.cnet.com/news/stop-using-ie-until-bug-is-fixed-says-us/ [cnet.com]

Stop using Microsoft's IE browser until bug is fixed, US and UK warn

In a rare move that highlights the severity of the security hole in one of the Web's most popular browsers, the US Computer Emergency Readiness Team and its British counterpart tell people to stop using Internet Explorer until Microsoft can fix it.

engine

WebmasterWorld Administrator engine us a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month Best Post Of The Month



 
Msg#: 4666376 posted 8:24 am on Apr 29, 2014 (gmt 0)

My latest stats show IE in significant decline. I'm certain the change in Windows 8 made a big difference. Additionally, you cannot help fall over download offers from Chrome and, less so, from Firefox.

How much of that decline will continue as a result of this bug is yet to be proven.

I only use IE for testing, or for the odd site here and there where it only works correctly in IE.

Sgt_Kickaxe

WebmasterWorld Senior Member sgt_kickaxe us a WebmasterWorld Top Contributor of All Time



 
Msg#: 4666376 posted 3:54 pm on Apr 29, 2014 (gmt 0)

If Microsoft needed a reason to allow people to uninstall/remove IE from Windows computers here it is. IE cannot be removed from a windows computer right now even if you don't use it. In older versions you could simply force the IE connection to pass through a lan setting of 0.0.0.0 to disable background connections but in newer versions they have even more redundant fallbacks to get around such disabling attempts. I realize it's "probably" safe on your computer if you don't use it but if you don't use IE then it shouldn't be on there.

There could very well be similar vulnerabilities on any browser platform and you know there are background connections and other various "call home" type features in all of them, it's too tempting/profitable not to build in backdoors these days. Even Amazon did it with their Kindle, and gave themselves up when they reached out and remotely deleted Orwell ebooks people had bought.

drhowarddrfine

WebmasterWorld Senior Member 5+ Year Member



 
Msg#: 4666376 posted 1:29 am on Apr 30, 2014 (gmt 0)

@lammert The problem has nothing to do with XP. You can't run IE9-11 on XP. The problem exists in every Windows version no matter which version of Windows you use.

Changing to Chrome or Firefox is not a temporary solution but a wise solution. Both are bleeding edge browsers that will always be far more secure than IE could ever hope to be. They're faster and, technically, can run rings around IE while spitting in its face. No one should be using IE.

superclown2

WebmasterWorld Senior Member 5+ Year Member Top Contributors Of The Month



 
Msg#: 4666376 posted 7:12 pm on May 1, 2014 (gmt 0)

So no sign of a patch yet?

lammert

WebmasterWorld Senior Member lammert us a WebmasterWorld Top Contributor of All Time 5+ Year Member



 
Msg#: 4666376 posted 5:24 am on May 2, 2014 (gmt 0)

Yes, there is a sign of a patch, which will also fix IE on XP :)

Microsoft To Patch IE Vulnerability, Even On Windows XP
http://www.webmasterworld.com/msie/4667703.htm [webmasterworld.com]

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / Browsers / Microsoft Internet Explorer
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved