EZRecovery Posted May 27, 2014 Share Posted May 27, 2014 This is the second time in a one-month period that a vulnerability in Microsoft?s Internet Explorer has been exposed.The first one was announced in April, with Microsoft being quick to admit the problem. The company even shared emergency measures that users can take while waiting for the patch to be released officially. That?s over and done with, but yesterday, Zero Day Initiative released details of another Internet Explorer flaw. According to the announcement of Zero Day Initiative, they first heard of the vulnerability back in October of 2013. It was discovered by Belgian researcher Peter Van Eeckhoutte. The Initiative then immediately alerted Microsoft about the issue. By practice, the Initiative does not release such information to the public for about six months after informing the concerned party. This is to give the latter time to release a patch to address the issue. Since it?s been a while since the Internet Explorer vulnerability has been pointed out to Microsoft, the Initiative gave the company notice on May 8 that they would announce the details to the public. It?s now been weeks since, and still nothing from Microsoft, so now we know. (Maybe Microsoft was too busy with the Surface Pro 3.) Specifically, the vulnerability affects Internet Explorer 8, and ?allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.? It is rather surprising that Microsoft has not done anything since they were informed of the flaw, especially considering that Internet Explorer 8 still has 20.85% share of the browser market. This is according to Net Market Share?s April report. If you?re using IE 8, just be extra careful about the sites you visit, as the vulnerability requires the user to visit a page designed to take advantage of the flaw. Every link you receive ? via email, chat message, or whatever ? make sure you trust the source. Else, you just might become a victim of this flaw. Source: http://news.filehippo.com/2014/05/another-internet-explorer-zero-day-flaw-exposed/ Link to comment Share on other sites More sharing options...
Shiranui Posted May 27, 2014 Share Posted May 27, 2014 IE 8 is obsolete on all currently supported OS. Link to comment Share on other sites More sharing options...
+Red King Subscriber² Posted May 27, 2014 Subscriber² Share Posted May 27, 2014 AFAIK Vista supports at most IE9, while W7 and W8 support IE11 Link to comment Share on other sites More sharing options...
+virtorio MVC Posted May 27, 2014 MVC Share Posted May 27, 2014 IE 8 is obsolete on all currently supported OS. Irrelevant, support lifecycle for IE is inherited from whatever OS it's running on and the issue should be fixed. http://support.microsoft.com/lifecycle/default.aspx?LN=en-gb&x=8&y=8&p1=13418 EZRecovery and Hum 2 Share Link to comment Share on other sites More sharing options...
ZonoBurk Posted May 27, 2014 Share Posted May 27, 2014 Unacceptable. Link to comment Share on other sites More sharing options...
Lord Method Man Posted May 27, 2014 Share Posted May 27, 2014 :rolleyes: On the front page a week ago https://www.neowin.net/news/microsoft-has-yet-to-fix-a-known-ie8-zero-day-exploit-after-seven-months And for the umpteenth time, this isn't a zero-day attack. Zero-day attacks are vulnerabilities being exploited before said vulnerability is known to the programmers. This is the opposite - the vulnerability is known, but there are currently no known attacks taking place. Brandon H and xrobwx71 2 Share Link to comment Share on other sites More sharing options...
sinetheo Posted May 27, 2014 Share Posted May 27, 2014 Haha When will people learn to use a real browser Link to comment Share on other sites More sharing options...
Max Norris Posted May 27, 2014 Share Posted May 27, 2014 Irrelevant, support lifecycle for IE is inherited from whatever OS it's running on and the issue should be fixed.All currently supported versions of the operating systems have newer versions of the browser available, never mind a fair number of sites are dropping support for it as well. Unless you have some sort of corporate intranet site that requires it, no real reason to be even using it anymore. If you're still on XP, well, IE8's dead, switch to another browser, while you still can. When will people learn to use a real browserWhich real browser is it that hasn't had vulnerabilities? I'm game to switch to it, hell even Lynx has had code execution vulnerabilities. Link to comment Share on other sites More sharing options...
+virtorio MVC Posted May 27, 2014 MVC Share Posted May 27, 2014 All currently supported versions of the operating systems have newer versions of the browser available, never mind a fair number of sites are dropping support for it as well. Unless you have some sort of corporate intranet site that requires it, no real reason to be even using it anymore. If you're still on XP, well, IE8's dead, switch to another browser, while you still can. And as I said above, that's totally irrelevant. Link to comment Share on other sites More sharing options...
Max Norris Posted May 28, 2014 Share Posted May 28, 2014 And as I said above, that's totally irrelevant.It's completely relevant as there's no good reason to be actually anymore using it when they've updated it multiple times and major web sites are dropping support for it. And after all that, if you read their report, it lists multiple ways to counter the issue, never mind the report clearly says it still requires user interaction to get the thing to work in the first place... you know, the common sense stuff that's been drilled into peoples heads for years, patches can't cure that. Link to comment Share on other sites More sharing options...
Recommended Posts