Big Hole in IE!!!! (Patch is Here, May1!!!)

[Victorian Gray]

You are welcome. If you are interested in applying this fix to a 64-bit version of Windows, add the following command in order to unregister both versions of the dll:

regsvr32 -u "%CommonProgramFiles(x86)%\Microsoft Shared\VGX\vgx.dll"

And again thanks to code65536 for pointing out the incomplete nature of the fix for 64-bit systems.

Thanks, I don't actually use I.E much so I didn't bother for myself but I did pass the info to a couple of other folks who may find the info useful. I'll pass this on as well.

 

[PrincessFrosty]

My take is holes in all MS OSes & browsers are inevitable, ongoing and infinite, and to be expected. But my take, is this one is ESPECIALLY BAD..

It's a bad for sure.

But all OS's and major pieces of software including browsers are found to have security issues throughout history, this nothing specific to MS their OS's or IE nor is there any evidence presented here that they're the worst of the bunch.

 

[Thor86]

Looks like MS could not wait until May's monthly updates cycle as this was pretty bad exploit:

http://forums.anandtech.com/showthread.php?t=2381080

 

[Virgorising]

It's a bad for sure.

But all OS's and major pieces of software including browsers are found to have security issues throughout history, this nothing specific to MS their OS's or IE nor is there any evidence presented here that they're the worst of the bunch.

Nobody said they were or are the worst of the bunch in this. And this has already been addressed. It's moot. Seeing this accurately, and in perspective re seriousness, is the issue.

As I said early , it is entirely atypical, if not actually unique, for wire services and major periodicals to cover some newly discovered vulnerability in a browser. And in this case, that was justified.

I WANT THE PATCH!!!!!! Pulhleazzzze!:'(

 

[Virgorising]

Has anyone seen or heard anything suggesting when we might get a PATCH??? I keep looking for the hotfixes coming in icon in the systray, nothing there......and then, I do the crazy of going to W Updates as if that would accomplish something.

 

[Virgorising]

WAIT!!! IT'S HERE!!!!! IT JUST APPEARED!!!!! The lovely balloon!!!!:biggrin:

I am rebooted and patched. ARE WE SAFE NOW??? Apart from the usual Bing---U should say hide this and it should never come back, but it does.....patch seemed teeny. Like 15.2 MBs only.

http://support.microsoft.com/kb/2964358

 

[Virgorising]

Just caught this:

http://www.huffingtonpost.com/2014/...explorer_n_5248360.html?utm_hp_ref=technology

"Finally," to me, being the operative word.

 

[code65536]

Um, this is damn fast for something without prior disclosure. You need to analyze the flaw, write a patch, code-review the patch, build, test, and validate. For six different versions of IE. For large-scale software projects, this kind of turnaround is very good. Frankly, I'm a little surprised that it was fixed this soon.

People who say "Finally" have never participated in large software engineering projects and have no damn clue what they're talking about.

 

[Virgorising]

Um, this is damn fast for something without prior disclosure. You need to analyze the flaw, write a patch, code-review the patch, build, test, and validate. For six different versions of IE. For large-scale software projects, this kind of turnaround is very good. Frankly, I'm a little surprised that it was fixed this soon.

People who say "Finally" have never participated in large software engineering projects and have no damn clue what they're talking about.

I never once underestimated the challenge of this. I never once felt it was not DAUNTING.

"FINALLY" was a simple, honest expression of my RELIEF. I was hardly alone in that. And, that Huffington---someone who gets paid to cover tech issues--- chose to include the word "finally" in its headline......was neither arbitrary nor the stuff of ignorance.

Pls lighten up.

 

[PowerEngineer]

WAIT!!! IT'S HERE!!!!! IT JUST APPEARED!!!!

Hmmm... It hasn't appeared for me (and I do have 2929437 installed). Maybe it's a hack? Just kidding! I'll keep an eye out to see when it's my turn.

EDIT: I just got it; turns out I had to specifically tell Windows Update to check for updates. Go figure...

 

[Virgorising]

Hmmm... It hasn't appeared for me (and I do have 2929437 installed). Maybe it's a hack? Just kidding! I'll keep an eye out to see when it's my turn.

Wat????? I just looked at yr profile in hopes I might learn where you are. But it don say.

Did U go to Windows Update?

 

[Virgorising]

EDIT: I just got it; turns out I had to specifically tell Windows Update to check for updates. Go figure...

K.....well maybe yr auto updates were just lagging a wee bit. All's well that ends well! And U bet: FINALLY!!!!!!

 

[PowerEngineer]

Wat????? I just looked at yr profile in hope I might learn where you are. But it don say.

Did U go to Windows Update?

See my edited post above. When I brought up Windows Update no important updates were shown. I had to specifically ask it to "check for updates" in order for it to show up. Probably an indicator of just how new the update is. I've installed it.

You may want to update the thread title to indicate that the patch is available now rather than on May 1st.

 

[Virgorising]

See my edited post above. When I brought up Windows Update no important updates were shown. I had to specifically ask it to "check for updates" in order for it to show up. Probably an indicator of just how new the update is. I've installed it.

Yes, I already responded to yr edit. The MS servers must be overloaded.

You may want to update the thread title to indicate that the patch is available now rather than on May 1st

No.....when I chose to update the title, I felt that was important to do.....I chose to give today's date. Here in America, it is May 1. I think I did it in the most efficient way for all.

Obviously, the patch will not disappear anytime after its launch.

 

[code65536]

"FINALLY" was a simple, honest expression of my RELIEF.

What's there to be relieved about? There were plenty of different workarounds. Enable EPM, disable VML, or just use Firefox/Chrome. The only people who were at risk were people who didn't know about the problem and the (easy) workarounds. I, for one, am not even bothering to update: I don't use IE, and I hate rebooting.

 

[Virgorising]

What's there to be relieved about? There were plenty of different workarounds. Enable EPM, disable VML, or just use Firefox/Chrome. The only people who were at risk were people who didn't know about the problem and the (easy) workarounds. I, for one, am not even bothering to update: I don't use IE, and I hate rebooting.

WELLLLLLL...... you are just so much cooler than the rest of humanity!

Takes gonads to feel anxiety/fear....and even more to express those things honestly.

And, sorry you find rebooting an issue.