Heads up IE users



 

Department of Homeland Security advises avoiding Internet Explorer until bug fixed
 
 
 
By Jim Finkle, Reuters
Posted April 28, 2014, at 11:18 a.m.
 
BOSTON - The U.S. Department of Homeland Security advised computer users to consider using alternatives to Microsoft Corp's Internet Explorer browser until the company fixes a security flaw that hackers have used to launch attacks.
 
The bug is the first high-profile security flaw to emerge since Microsoft stopped providing security updates for Windows XP earlier this month. That means PCs running the 13-year old operating system could remain unprotected against hackers seeking to exploit the newly uncovered flaw, even after Microsoft figures out how to defend against it.
 
The United States Computer Emergency Readiness Team, a part of Homeland Security known as US-CERT, said in an advisory released on Monday morning that the vulnerability in versions 6 to 11 of Internet Explorer could lead to "the complete compromise" of an affected system.
 
"We are currently unaware of a practical solution to this problem," Carnegie Mellon's Software Engineering Institute warned in a separate advisory, that US-CERT linked to in its warning.
 
Versions 6 to 11 of Internet Explorer dominate desktop browsing, accounting for 55 percent of the PC browser market, according to tech research firm NetMarketShare. Google Inc's Chrome and Mozilla's Firefox account for the majority of the rest of the traffic.
 
News of the vulnerability surfaced over the weekend as Microsoft said its programmers were rushing to fix the problem as quickly as possible. Cybersecurity software maker FireEye Inc warned that a sophisticated group of hackers have been exploiting the bug in a campaign dubbed "Operation Clandestine Fox."
 
FireEye, whose Mandiant division helps companies respond to cyber attacks, declined to name specific victims or identify the group of hackers, saying that an investigation into the matter is still active.
 
"It's a campaign of targeted attacks seemingly against U.S.-based firms, currently tied to defense and financial sectors," said FireEye spokesman Vitor De Souza on Sunday. "It's unclear what the motives of this attack group are, at this point. It appears to be broad-spectrum intel gathering."
 
In addition to possibly switching to an alternative web browser, US-CERT advised businesses to consider using a free Microsoft security tool known as EMET, or the Enhanced Mitigation Experience Toolkit, to thwart potential attacks. Security experts say EMET is helpful in staving off attacks, but businesses are sometimes reluctant to use it because it can cause systems to crash due to incompatibility with some software programs.
 
 

I use Chrome... thank you very much... I know not every browser is 100% safe but Chrome is better


"Chrome is better" :laugh:

 

Chrome's latest security fixes:


[354967] High CVE-2014-1730: Type confusion in V8. Credit to Anonymous.
[349903] High CVE-2014-1731: Type confusion in DOM. Credit to John Butler.
[352851] Medium CVE-2014-1732: Use-after-free in Speech Recognition. Credit to Khalil Zhani
[351103] Medium CVE-2014-1733: Compiler bug in Seccomp-BPF. Credit to jln@panix.org

As usual, our ongoing internal security work was responsible for a wide range of fixes:
[367314] CVE-2014-1734: Various fixes from internal audits, fuzzing and other initiatives.
[359130, 359525, 360429] CVE-2014-1735: Multiple vulnerabilities in V8 fixed in version 3.24.35.33.

 

Now why the hell didn't precious DoHS warn users to stop using precious Chrome until fixes for these bugs were released?


But IE10 and IE11 are not at risk, put them in 64-bit mode (as Microsoft suggests) and run EMET (as Microsoft suggests).

Another reason why Microsoft should make EMET part of Windows, blabla compatibility but EMET can exclude apps from the security settings.

The moment MS does this... the amount of exploits and malware infestations on Windows will plummet.


I read this twice and I don't see where it differentiates between Chrome and IE. Also, it only is good for computers in 2012 that had its own software PSI installed? What about all others?

 

"To assess how exposed endpoints are, we analyze the types of products typically found on an endpoint. For this analysis we use anonymous data gathered from scans throughout 2012 of the millions of private computers which have the Secunia Personal Software Inspector (PSI) installed."

Well, if you look over the internet every browser has its ups and downs... I like Chrome because I have had very very little trouble with it for what I do on the net


Uhm, as a matter of fact, there are more vulnerabilities found in Chrome ALL TIME than in Internet Explorer, and IE is 13 years older than Chrome! Google should be shamed! After all, this one isn't much to worry about, as you're very unlikely to be hit by it.

  • Like 2

People shouldn't even be using old versions of IE in the first place, I wish IE updates were mandatory so that we wouldn't have to be concerned over such things.


Well, if you look over the internet every browser has its ups and downs... I like Chrome because I have had very very little trouble with it for what I do on the net

 

Got to love the reversal from "stay away from Microsoft because they are horrible with security" to "oh well, everyone has problems" once it is shown that Microsoft is not the worst, but your favorite is.


link6155, on 28 Apr 2014 - 20:39, said:

People shouldn't even be using old versions of IE in the first place, I wish IE updates were mandatory so that we wouldn't have to be concerned over such things.

IE updates ARE mandatory.


Tell that to all the businesses still running IE8 or lower (not strictly talking XP either)

 

That is the business itself controlling the updates. So it is their own fault.


People shouldn't even be using old versions of IE in the first place, I wish IE updates were mandatory so that we wouldn't have to be concerned over such things.

 

Lots have to use older versions of IE. Vista, an OS currently still supported by MS, cannot install anything higher than IE9. Not to mention all the stuff that won't work with newer browsers in businesses.


This topic is now closed to further replies.