Computer Tips -Tech Info

Tag: microsoft internet explorer

  • Microsoft Releasing out of Cycle Patch for Internet Explorer Exploit

    Take a look at the official announcement. They’ve moved outside the usual update cycle for this one. VERY good move Microsoft to get this patch in before the holidays as it looks as though there’s been a spike in the use of this particular exploit and with people doing a lot of home pc browsing over the next two weeks, hopefully they can have a patched Internet Explorer to browse with. These are one more good reason to have an alternative browser such as firefox installed “just in case”. That’s not to say that Firefox is immune to all such security issues, but it is targeted less frequently and perhaps most importantly by DIFFERENT things than Explorer is targeted by. (I should note that version 3.0.5 of firefox is out to address it’s own list of issues.)

    By the way, this Internet Explorer vulnerability is listed as critical for Internet Explorer 5.01 on NT SP4, for Internet Explorer 6 on NT SP4 as well as pretty much every combination of Internet Explorer 6 or Explorer 7 on XP, Server 2003, Vista or Server 2008 AND those using Internet Explorer 8 beta 2 users are encouraged to update to a new release as well. In other words IF you use any currently supported version of Internet Explorer on any currently supported version of Windows you need to make sure this update installs.

  • Fasten your seatbelts – Browser vulnerability a day to be announced in July

    I hope there aren’t too many browser developers that have planned on taking July off….. I ran across browserfun.blogspot.com where it is planned to release information on a web browser vulnerability EACH DAY for the month of July. This comes to us from HD Moore of Metasploit. Judging from This securityfocus article, most of the vulnerabilities may just lead to a browser crash, but some seem to be remote code execution vulnerabilities. Microsoft Internet Explorer is where they found most of them, but other browsers were NOT immune and did find at least one remotely exploitable vulnerability to gain remote access for each browser tested.

    (more…)

  • Disinfecting a PC… part 10

    Before I get things wrapped up, I like to scan rinse and repeat until the scans come up clean. So, this scan of AVG gives a chance to delete the archive entry I mentioned the first pass it took. And spybot get’s updated from the internet and re-runs. All looks clean there… Ad-aware get’s an update check and runs again. Everything there looks clean now. The next thing to do is disable and uninstall tightvnc, I don’t want to leave bhodemon running at boot or the tea-timer from spybot now that things are fairly settled.

    (more…)

  • MS IE Javascript exploit for zero-day (0-day) vulnerability

    An exploit for last weeks zero-day (0-day) javascript vulnerability in Microsoft’s Internet Explorer is in the wild. I saw this post from Sunbelt a couple nights ago go up and disappear, at the time I didn’t have long enough to read it… It’s back today and there are instructions for mitigating the risk. However, there is still no patch from Microsoft and no word on when to expect one. According to the Sunbelt post the exploit in the wild is being used for browser hijacking/spyware install stuff.

    (more…)

  • Internet Explorer zero-day exploit?

    The folks over at The Sans Institute (Incidents.org) are reporting on a possible zero-day ( 0-day ) exploit against Microsoft Internet Explorer. (A zero day exploit is the name given to an exploit of a previously unknown vulnerability.) Their analysis essentially had the machine they were using go to 100% cpu and it did not give the claimed behavior. They’re thinking this may just be an exploit of one of the other vulnerabilities disclosed Tuesday (MS05-038)

    (more…)