New exploit affects all versions of IE, from 6 to 11. XP gets patch after all!

Oct 19, 2000
17,860
4
81
Anyone know if a website exists for a user to check if their IE is affected? Similar to how the heartbleed check sites were.
 

ninaholic37

Golden Member
Apr 13, 2012
1,883
31
91
Finally! I've been waiting since April 8th to hear something entertaining to go along with the XP "doom and gloom" posts. Although this only seems to affect IE (which I never use) it's a good start, keep these informative warnings coming! :D

I wiped my hard drive clean of Windows and am now running Linux and MS-DOS (the best Microsoft OS?) on dual-boot. :thumbsup:
 

smakme7757

Golden Member
Nov 20, 2010
1,487
1
81
Anyone know if a website exists for a user to check if their IE is affected? Similar to how the heartbleed check sites were.
All modern versions of IE are affected; it's a flaw in the browser. However, you can use Microsoft EMET or enable IE Protection mode to stay safe from the vulnerability.
 
Oct 19, 2000
17,860
4
81
All modern versions of IE are affected; it's a flaw in the browser. However, you can use Microsoft EMET or enable IE Protection mode to stay safe from the vulnerability.

I understand this, I'm just wondering if there is a site that would easily allow end-users to see if they are affected or not, specifically after Microsoft releases a fix.
 

akugami

Diamond Member
Feb 14, 2005
6,210
2,551
136
Why is nothing being said about Flash? Why only news saying that it's a problem with IE? No Flash, no exploit. Maybe bugs/exploits using Flash are so common now that nobody bats an eye anymore?
 

stockwiz

Senior member
Sep 8, 2013
403
15
81
I still remember installing the Windows XP beta so many years ago back when I was a youngin... I still remember the release candidate build number... 2505... memories. :)
 

uallas5

Golden Member
Jun 3, 2005
1,618
1,869
136
Why is nothing being said about Flash? Why only news saying that it's a problem with IE? No Flash, no exploit. Maybe bugs/exploits using Flash are so common now that nobody bats an eye anymore?

+1
 

ninaholic37

Golden Member
Apr 13, 2012
1,883
31
91
Why is nothing being said about Flash? Why only news saying that it's a problem with IE? No Flash, no exploit. Maybe bugs/exploits using Flash are so common now that nobody bats an eye anymore?
If the exploit is in Flash, wouldn't that mean that a patch for Flash could fix it for all Windows versions?

According to this, the problem is more in the way IE specially handles Flash though: http://nakedsecurity.sophos.com/201...edges-in-the-wild-internet-explorer-zero-day/

Note that the bug isn't in Flash, so this is not something Adobe can fix, nor is it Adobe's fault.

It's just that using specially crafted Flash files can help attackers prepare the contents of the memory on your computer in order to make a successful attack possible.

That means you can turn off what Microsoft calls Active Scripting in your browser (or set IE to prompt you before Active Scripts like Flash run), and increase your resilience against this latest attack.

Also, according to Microsoft, you can stop this attack by telling Windows to turn off an Internet Explorer extension called VGX.DLL.

The file VGX.DLL (a DLL is just a special sort of executable file) provides support for VML (Vector Markup Language), and vector graphics rendering, in IE.
Still, I wonder if Adobe could block specific scripts in Flash somehow before they are passed to the browser...
 

Ketchup

Elite Member
Sep 1, 2002
14,559
248
106
First that I saw of this was two days ago here:
http://www.dailykos.com/story/2014/...-to-impersonate-known-websites-to-steal-data#

And yesterday I saw that Flash had been updated to 13.0.0.206. Their security bulletin is here:
http://helpx.adobe.com/security/products/flash-player/apsb14-13.html
Some description of the vulnerability is here:
http://www.computerworld.com/s/article/9247962/Adobe_s_Flash_Player_gets_an_emergency_update
Now these fixes may be totally separate issues, but at least the timing is interesting.

There has been an active discussion about this topic over here:
http://forums.anandtech.com/showthread.php?t=2380408
 

crashtech

Lifer
Jan 4, 2013
10,686
2,284
146
The fix is pretty easy:

32-bit Windows:
Code:
regsvr32 -u "%CommonProgramFiles%\Microsoft Shared\VGX\vgx.dll"

64-bit Windows:
Code:
regsvr32 -u "%CommonProgramFiles%\Microsoft Shared\VGX\vgx.dll"
regsvr32 -u "%CommonProgramFiles(x86)%\Microsoft Shared\VGX\vgx.dll"

Unregisters the never-used VML renderer, which stops this particular exploit.
 
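A way to check on the two fixes discussed in this thread, the vgx.dll unregistration and update KB2964358, as an added example that is not part of any post. The function name is hypothetical, and detecting registration by scanning `InprocServer32` entries is an assumption about how the DLL registers itself.

```powershell
# Added example (not from the thread): check the vgx.dll workaround and update KB2964358.
# Requires PowerShell 3.0 or later. The paths and KB number are the ones quoted in the posts.

function Get-VgxMitigationStatus {   # hypothetical helper name
    # Folders used by the regsvr32 commands; the (x86) variable exists only on 64-bit Windows.
    $dirs = @($env:CommonProgramFiles, ${env:CommonProgramFiles(x86)}) |
        Where-Object { $_ } | Select-Object -Unique
    $onDisk = @($dirs | ForEach-Object { Join-Path $_ 'Microsoft Shared\VGX\vgx.dll' } |
        Where-Object { Test-Path -LiteralPath $_ })

    # COM class roots: the native view plus the 32-bit view on 64-bit Windows.
    $roots = @('Registry::HKEY_CLASSES_ROOT\CLSID',
               'Registry::HKEY_CLASSES_ROOT\Wow6432Node\CLSID') |
        Where-Object { Test-Path -LiteralPath $_ }

    # Assumption: unregistering removes the CLSID entries whose InprocServer32
    # points at the DLL, so any surviving entry means that copy is still registered.
    $registered = foreach ($root in $roots) {
        Get-ChildItem -LiteralPath $root -ErrorAction SilentlyContinue | ForEach-Object {
            $key = "$($_.PSPath)\InprocServer32"
            $dll = (Get-ItemProperty -LiteralPath $key -ErrorAction SilentlyContinue).'(default)'
            if ($dll -match 'VGX\\vgx\.dll') { $dll }
        }
    }

    # Get-HotFix only lists updates recorded under this exact KB number.
    $hotfix = Get-HotFix -Id 'KB2964358' -ErrorAction SilentlyContinue

    [pscustomobject]@{
        VgxFilesOnDisk     = $onDisk
        VgxStillRegistered = @($registered | Select-Object -Unique)
        KB2964358Installed = [bool]$hotfix
    }
}

$status = Get-VgxMitigationStatus
$status | Format-List
if ($status.VgxStillRegistered.Count -gt 0 -and -not $status.KB2964358Installed) {
    Write-Warning 'vgx.dll is registered and KB2964358 is not listed: neither fix from this thread is in place.'
}
```

Run it from a 64-bit PowerShell session on 64-bit Windows so that both `CommonProgramFiles` folders are checked.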

Fred B

Member
Sep 4, 2013
103
0
0
By a miracle the update KB2964358 appeared in XP Windows Update; I think it is a good job to give little updates to XP :thumbsup:
 

Underclocked

Platinum Member
Oct 9, 1999
2,042
1
76
Just got this from Windows Update

Security Update for Internet Explorer 11 for Windows 8.1 for x64-based Systems (KB2964358)

Installation date: 5/1/2014 6:27 PM Installation status: Succeeded

Update type: Important

A security issue has been identified in a Microsoft software product that could affect your system. You can help protect your system by installing this update from Microsoft. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article. After you install this update, you may have to restart your system.

I didn't have to restart.
 

JEDIYoda

Lifer
Jul 13, 2005
33,986
3,321
126
Just got this from Windows Update

Security Update for Internet Explorer 11 for Windows 8.1 for x64-based Systems (KB2964358)

Installation date: 5/1/2014 6:27 PM Installation status: Succeeded

Update type: Important

A security issue has been identified in a Microsoft software product that could affect your system. You can help protect your system by installing this update from Microsoft. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article. After you install this update, you may have to restart your system.

I didn't have to restart.
The issue is that it is NOT an update for Windows XP...it is an update for IE...not XP as an OS!!
 

zir_blazer

Golden Member
Jun 6, 2013
1,239
537
136
The issue is that it is NOT an update for Windows XP...it is an update for IE...not XP as an OS!!
This. But let's be honest, this is no biggie. Mid-2000s IE was already hyper exploitable, and that's when Firefox started to grow in popularity and market share. If you're a WXP user, you should have left IE aeons ago.
 

nemesismk2

Diamond Member
Sep 29, 2001
4,810
5
76
www.ultimatehardware.net
Technically it's not exclusive to XP and it is for almost all versions of IE....

I had Internet Explorer 8 (which has just been patched with Windows XP) and also in 2009 when I first bought Windows 7, which was kinda odd to go from Windows XP to Windows 7 and still use Internet Explorer 8. lol ;) Yes, I had already decided to ditch Internet Explorer 8 and replaced it with Firefox.
 

escrow4

Diamond Member
Feb 4, 2013
3,339
122
106
The point is MS is not supposed to touch XP or IE on XP. Just let it rot.
 

DaveR

Golden Member
Oct 9, 1999
1,490
0
76
Strange, I downloaded the file for XP Pro 32 bit...KB2964358, and when I tried to run it, it said my version of IE was not correct. I have IE8.06.001.18702, it is supposed to work. Anyone know what is wrong?