internet explorer Critical zero-day bug in Internet Explorer under active attack

[xdot.tk]

Researchers have uncovered active malware attacks that exploit a critical and previously unknown vulnerability in the latest versions of Microsoft's Internet Explorer browser.

http://arstechnica.com/security/2012/09/critical-zero-day-bug-in-microsoft-internet-explorer/

Funny, no mention that IE6 (which I still run to check Windows Update) is vulnerable. :shiftyninja:

[Shane Nokes]

Likely because IE6 is now considered a dead browser.

[neufuse Veteran]

http://arstechnica.c...ernet-explorer/

Funny, no mention that IE6 (which I still run to check Windows Update) is vulnerable. :shiftyninja:

you like living in the past don't you? It's because IE6 is dead, they don't care about it anymore

[+BudMan MVC]

IE6 is still pretty pop in China - 21% Here is a pretty neat little map

http://www.ie6countdown.com/#map

Says US has 0.4% still using ie6 ;)

[Ryster]

IE6 is still pretty pop in China - 21%

China, where most copies of Windows are pirated. So why would MS care? ;)

http://www.zdnet.com/blog/china/report-chinas-software-piracy-rate-falls-to-new-low-of-77/414

[zhangm Supervisor]

China, where most copies of Windows are pirated. So why would MS care? ;)

The fewer botted computers out there, the fewer resources are available to hackers and spammers. Basically, it is in Microsoft's best interest to eliminate vulnerabilities even in pirated software in order to reduce the vectors for launching widespread attacks and suppress spam networks that tax its own services like Hotmail.

[123456789A]

Time to upgrade to Windows 8.

[xdot.tk]

Confirmed. Windows 8 is not affected. MS just released a security advisory.

Executive Summary

Microsoft is investigating public reports of a vulnerability in Internet Explorer 6, Internet Explorer 7, Internet Explorer 8, and Internet Explorer 9. Internet Explorer 10 is not affected. Microsoft is aware of targeted attacks that attempt to exploit this vulnerability.

http://technet.microsoft.com/security/advisory/2757760

[Raa]

IE6 isn't supported anymore is it? That's probably why it's not showing up.

[Denis W. Veteran]

Confirmed. Windows 8 is not affected. MS just released a security advisory.

http://technet.micro...dvisory/2757760

Wonder if it applies to just the Metro IE10 or both desktop and Metro. Metro IE10 has a stronger sandbox while the desktop browser uses the same Protected Mode as Vista and 7 (unless you explicitly enable Enhanced Protected Mode).

[+Warwagon MVC]

Sandboxie FTW

[Mockingbird]

http://arstechnica.c...ernet-explorer/

Funny, no mention that IE6 (which I still run to check Windows Update) is vulnerable. :shiftyninja:

Upgrade to IE8 already!

[xdot.tk]

I hate IE8. I only use IE to visit Windows Update. I use FF as my main browser.

[Shane Nokes]

I hate IE8. I only use IE to visit Windows Update. I use FF as my main browser.

Seems you hate just about anything newer than 10-year old. ;)

[xdot.tk]

Not really. I use plenty of up to date software. Just not MS ones. The IE7,8 and 9 layout is horrendous in my opinion. Toolbars and such take up too much real estate.

Anyways, IE is the most targeted browser. I wouldn't use it if I liked it.

[Obi-Wan Kenobi]

Sandboxie FTW

for once, I have to go with warwagon (hope this doesn't reduce my credentials with the interwebs....but he IS right on this one....if you've gotta run IE6, run it in sandboxie, that way it erases when you close the window, and nothing gets lost. Just my two cents, or take it for whatever it's worth....just saying, it really does work well. Saved me a TON of heartache!) And with one single swing, he revives himself, in only a warwagon type of way.

[chrisj1968]

Confirmed. Windows 8 is not affected. MS just released a security advisory.

http://technet.micro...dvisory/2757760

ins't that, the fact that, microsoft Windows 8 isn't affected sorta like the wolf guarding the hen house? why would they admit their latest software is vulnerable? someone on the outside will find the holes. it always happens

[BajiRav]

Not really. I use plenty of up to date software. Just not MS ones. The IE7,8 and 9 layout is horrendous in my opinion. Toolbars and such take up too much real estate.

Anyways, IE is the most targeted browser. I wouldn't use it if I liked it.

IE9 has the smallest chrome of all browsers by default. What are you talking about?

ins't that, the fact that, microsoft Windows 8 isn't affected sorta like the wolf guarding the hen house? why would they admit their latest software is vulnerable? someone on the outside will find the holes. it always happens

What would they gain by doing that? They're pretty straightforward in their security reports - at least more so than Apple who just likes to bury its head in the sand.

Edit: Their latest released is still IE9 though (because IE10 is not GA yet).

[Obi-Wan Kenobi]

IE9 has the smallest chrome of all browsers by default. What are you talking about?

What would they gain by doing that? They're pretty straightforward in their security reports - at least more so than Apple who just likes to bury its head in the sand.

Edit: Their latest released is still IE9 though (because IE10 is not GA yet).

Well, with all due credit, and I'm not bashing anyone, but according to the general consensus here on Neowin and on other sites, 8 was already expected to be another "ME"....so sure, I could see some company covering their a**e* when their recent carnation was under attack, and already ridiculed. Makes perfect sense. Thing is, though, most people are still using their regular every-day computers around here...most of which are more than capable of running 8, or 7 for that matter....it's just that 8 is more tiered toward touchscreen/AIO pc's, whereas 7 is way more flexible...and that's just what I've gathered from the great opinionated folks here at neowin. Personally, I'll run 7 until a possbile "9" comes out, but that's just because I don't have the touchscreen stuff...but everyone's different, and everyone's mileage varies, so I say...unless you've tried 8 out on the correct hardware, don't knock it. Stuff is expensive nowadays, so not everyone has that luxury. :) Can't some of us just agree to disagree and move on?

[BajiRav]

Well, with all due credit, and I'm not bashing anyone, but according to the general consensus here on Neowin and on other sites, 8 was already expected to be another "ME"....so sure, I could see some company covering their a**e* when their recent carnation was under attack, and already ridiculed. Makes perfect sense. Thing is, though, most people are still using their regular every-day computers around here...most of which are more than capable of running 8, or 7 for that matter....it's just that 8 is more tiered toward touchscreen/AIO pc's, whereas 7 is way more flexible...and that's just what I've gathered from the great opinionated folks here at neowin. Personally, I'll run 7 until a possbile "9" comes out, but that's just because I don't have the touchscreen stuff...but everyone's different, and everyone's mileage varies, so I say...unless you've tried 8 out on the correct hardware, don't knock it. Stuff is expensive nowadays, so not everyone has that luxury. :) Can't some of us just agree to disagree and move on?

Microsoft has never (in recent past at least) tried to cover a security vulnerability like that - not even the "flopped" Vista. Don't you think it's possible that they either discovered and fixed it in IE10 or the improvements they made may have automatically removed the bug?

I like how people always default to bad-Microsoft, good-everyone-else with things like this.

p.s. I am not going to go on the OT Windows 8 tangent but I disagree and my non-techie wife is as happy as she was with 7 on her obviously not-made-for-8 Sony vaio (late 2009). The general consensus on Neowin is made of mostly knee-jerk reactions just like it was with UAC. ;) It is actually 50-50 and not a clear sway on any side IMO.

[remixedcat]

Server 2012 is final and has IE10

[Obi-Wan Kenobi]

Microsoft has never (in recent past at least) tried to cover a security vulnerability like that - not even the "flopped" Vista. Don't you think it's possible that they either discovered and fixed it in IE10 or the improvements they made may have automatically removed the bug?

I like how people always default to bad-Microsoft, good-everyone-else with things like this.

p.s. I am not going to go on the OT Windows 8 tangent but I disagree and my non-techie wife is as happy as she was with 7 on her obviously not-made-for-8 Sony vaio (late 2009). The general consensus on Neowin is made of mostly knee-jerk reactions just like it was with UAC. ;) It is actually 50-50 and not a clear sway on any side IMO.

Oh, I know they haven't, and I never said that they did, I was just saying from all of the "h8 windows 8" posts, that the conspiracy people said that they did. I am the type of person that hey...use what you want, or what makes you happy, that's mighty well fine with me...and I agree about the knee-jerk reactions...I agree fully...but some people just simply cannot adapt...and then again, some people just cannot AFFORD to adapt...like myself, in my current situation...so cheer up man...wasn't any kind of personal direct attack, just what I've been observing. I love everyone here, so that includes you too, you know?! :p

[rfirth]

The IE7,8 and 9 layout is horrendous in my opinion. Toolbars and such take up too much real estate.

IE9 takes up less vertical screen space than Google Chrome... and I would guess all other browsers. It's about as minimalist as it gets. And IE9 does it without messing up Aero Snap like Google Chrome does [Try grabbing a full screen Google Chrome window with lots of tabs, and pulling the title bar down to unminimize it].

If you can't figure out how to A) not install toolbars, or B) uninstall any accidentally installed toolbars... that's your own fault.

[remixedcat]

I like how IE9 looks, however I wish it had more addons or I would be using it.

[BajiRav]

Oh, I know they haven't, and I never said that they did, I was just saying from all of the "h8 windows 8" posts, that the conspiracy people said that they did. I am the type of person that hey...use what you want, or what makes you happy, that's mighty well fine with me...and I agree about the knee-jerk reactions...I agree fully...but some people just simply cannot adapt...and then again, some people just cannot AFFORD to adapt...like myself, in my current situation...so cheer up man...wasn't any kind of personal direct attack, just what I've been observing. I love everyone here, so that includes you too, you know?! :p

naah nothing against you either just jaded with the same discussion. all's cool man :p