Zero Day Threat: Microsoft Security Advisory For IE 6, 7, 8

     
5:54 pm on Nov 3, 2010 (gmt 0)

engine (WebmasterWorld Administrator)



Zero Day Threat: Microsoft Security Advisory For IE 6, 7, 8 [blogs.technet.com]
Today we released Security Advisory 2458511 to address a new vulnerability that could impact Internet Explorer users if they visit a website hosting malicious code. As of now, the impact of this vulnerability is extremely limited and we are not aware of any affected customers. The exploit code was discovered on a single website which is no longer hosting the malicious code. When a website is discovered to host malicious software, we work through legal channels to take the site down. These kinds of attempts to exploit systems and the people using technology are the activity of criminals. Microsoft takes this very seriously and where possible, we will take legal action against those responsible.

Internet Explorer 9 Beta users are not affected by this issue and any customers who wish to upgrade their browser to this version can do so freely at www.microsoft.com/ie. Impacted versions include Internet Explorer 6, 7 and 8, although our ongoing investigation confirms that default installations of Internet Explorer 8 are unlikely to be exploited by this issue.
7:51 pm on Nov 3, 2010 (gmt 0)

travelin_cat (WebmasterWorld Administrator)



Security Advisory 2458511? Does this mean that there have been almost 2.5 million of them since IE came out?

Probably not, but damn funny either way.
5:59 am on Nov 4, 2010 (gmt 0)

sgt_kickaxe (WebmasterWorld Senior Member)



A single mysterious site was somehow monitored using mysterious methods and suggests IE6, 7 and 8 users need to switch to 9.

What is this, the second grade rumor mill?
6:11 am on Nov 4, 2010 (gmt 0)

tangor (WebmasterWorld Senior Member)



The security flaw resides in a part of IE that handles CSS, or Cascading Style Sheets, tags. As a result, the browser under-allocates memory, allowing data to be overwritten in memory vtable pointers. By spraying memory with special data, an attacker can cause IE to execute code.

The report is the latest reminder of the benefits of moving to the latest version of IE or to a different browser altogether. Those who must use IE versions 6 or 7, should consider augmenting it with EMET, Microsoft's tool for locking down older applications. It can be used to add DEP and other security mitigations to a variety of programs, including IE and Adobe Reader.


Not so much rumor mill, but a heads up...

[theregister.co.uk...]
12:50 am on Nov 5, 2010 (gmt 0)

sgt_kickaxe (WebmasterWorld Senior Member)



More vagueness even in that article...
'More than a few organizations' hit


I can cause my website to execute code on your monitor too, lol.

IE comes with various methods for over-ride control and auto-updating that IE6 does not have thus making IE6 more secure (albeit against MS and authorities) than IE9 in different ways.

Which is the greater of two evils here? I'd like to see this supposed security flaw reproduced by a credible 3rd party before I listen, that's all.
 
