Zero Day Exploit: Every Version of Internet Explorer

DeathmageDeathmage Banned Posts: 2,496

Comments

  • lsud00dlsud00d Member Posts: 1,571
    FireEye advises disabling the Adobe (ADBE) Flash plugin

    What's new /rollseyes
  • 5ekurity5ekurity Member Posts: 346 ■■■□□□□□□□
    Being used in targeted attacks right now; most APT actors are going after technology / financial sectors so those organizations should be on high alert.
  • YFZbluYFZblu Member Posts: 1,462 ■■■■■■■■□□
    And it will never be patched on XP, obviously. Let it begin.
  • DeathmageDeathmage Banned Posts: 2,496
    YFZblu wrote: »
    And it will never be patched on XP, obviously. Let it begin.

    I ponder if this is a ploy to make people upgrade from XP.....
  • YFZbluYFZblu Member Posts: 1,462 ■■■■■■■■□□
    Except, this vulnerability isn't exclusive to Windows XP. There's no guarantee people are patching out there..
  • Jamm1nJamm1n Member Posts: 106 ■■■□□□□□□□
    Its for all versions not just XP, also people need to move on from XP regardless.
  • wes allenwes allen Member Posts: 540 ■■■■■□□□□□
    I hope this pushes people, esp those with XP, to deploy EMET.
  • Cert PoorCert Poor Member Posts: 240 ■■■□□□□□□□
    Specifically it's affecting IE versions 6 - 11. When did 6 come out, over 10 years ago?
    In progress: MTA: Database Fundamentals (98-364)
    Next up: CompTIA Cloud Essentials+ (CLO-002) or LPI Linux Essentials (010-160)
    Earned: CompTIA A+, Net+, Sec+, Server+, Proj+
    ITIL-F v3 2011 | ServiceNow CSA, CAD, CIS | CWNP CWTS
  • W StewartW Stewart Member Posts: 794 ■■■■□□□□□□
    YFZblu wrote: »
    Except, this vulnerability isn't exclusive to Windows XP. There's no guarantee people are patching out there..

    It's not specific to Windows XP but obviously Microsoft is going to release a security update to fix this vulnerability and unless you explicitly configured your system not to run automatic updates then high priority security updates like this one should still run. Unless of course, you're running Windows XP.
    Being a sys admin sucks but I love it
  • BryzeyBryzey Member Posts: 260
  • Master Of PuppetsMaster Of Puppets Member Posts: 1,210
    Bryzey wrote: »
    People still use IE?

    Good :D I was starting to think that I'm the only one who is wondering about that.
    Yes, I am a criminal. My crime is that of curiosity. My crime is that of judging people by what they say and think, not what they look like. My crime is that of outsmarting you, something that you will never forgive me for.
  • wes allenwes allen Member Posts: 540 ■■■■■□□□□□
    Bryzey wrote: »
    People still use IE?

    People, maybe a few that do. But there are many, many large enterprises out there with software that only works with IE, and usually only older versions like 8. And probably some old version of Java that can't be updated without breaking something critical as well.
  • DeathmageDeathmage Banned Posts: 2,496
    Bryzey wrote: »
    People still use IE?

    The day Source Forge releases a working ADM/ADMX template for Firefox/Chrome is the day I no longer use IE at my job or any job. But since IE, as far as I know, is the only browser you can control via GPO sadly it will be sticking around....

    Mainly only large corporations with extensive use of GPO's still use IE.
  • W StewartW Stewart Member Posts: 794 ■■■■□□□□□□
    That and end users who don't know any better. Another thing that bothers me is all of the website's still coded with microsoft silverlight. I'm pretty sure Microsoft stopped developing for it but netflix and WGU both use silverlight.
    Being a sys admin sucks but I love it
  • qwertyiopqwertyiop Member Posts: 725 ■■■□□□□□□□
    We literally can't get away from IE as our applicant tracking system was coded in coldfusion and will only render in IE.
    That is literally the only thing keeping me from loading up a custom linux distro and drop windows wherever I can.
  • aftereffectoraftereffector Member Posts: 525
    Bryzey wrote: »
    People still use IE?

    Pretty much the entire US Department of Defense. This is going to be fun.
    CCIE Security - this one might take a while...
  • --chris----chris-- Member Posts: 1,518 ■■■■■□□□□□
    Cert Poor wrote: »
    Specifically it's affecting IE versions 6 - 11. When did 6 come out, over 10 years ago?

    We just upgraded all workstations to 8 from 7 this month....then had the CIO send out an email about this (IE bug) to all the higher ups and its been filtering down all day.

    We have plenty of XP machines around here as well (some new machines going in with XP). Its not my job to try and figure out who has balanced the risk with the cost savings, so I just keep on installing :)


  • NovaHaxNovaHax Member Posts: 502 ■■■■□□□□□□
    Deathmage wrote: »
    I ponder if this is a ploy to make people upgrade from XP.....

    Of course it is. Microsoft is still writing the patches but only making them available to high paying industry giants who use embedded XP and are willing to shell out a fortune to keep the patches coming. Everyone else is up sh*t-creek without a paddle.

    So Microsoft makes money either way. Either you pay to upgrade or you pay to keep the patches. icon_rolleyes.gif
  • zidianzidian Member Posts: 132
    qwertyiop wrote: »
    We literally can't get away from IE as our applicant tracking system was coded in coldfusion and will only render in IE.

    ColdFusion really has nothing to do with the website loading in IE or other browser versions. The ColdFusion server outputs pretty much exactly what the developer said to output. A ColdFusion application is typically a mixture of ColdFusion tags and regular html. The ColdFusion server then reads the CF Tags, does some computations, and strips out the tags to leave just the bare html behind.

    I've used ColdFusion to output ASP, .Net, SVG, Java and many many other formats.

    Not that knowing any of this really helps you that much, but I figured I'd clear up that misconception. icon_wink.gif
    WGU BS-IT Software | Completed 9/30/2014
  • j.petrovj.petrov Member Posts: 282
    I've been dealing with this situation with a bunch of my company's clients. Its very unfortunate that people still use IE, however it still has its place. A lot of internal customized apps will only work correctly under IE, which is why this is such a pain. Best thing to do is put out an advisory to the user base telling them to practice safe web surfing guidelines and to use Chrome or Firefox for surfing the web.

    Additionally, we have suggested blocking IE from accessing the Internet and only allow it internally for the apps. You can then force all web traffic through Chrome of Firefox. Obviously you need the appropriate technology to implement this, an app sensing proxy is able to accomplish this.

    For all the XP users.... get off of XP. Plain and simple
  • j.petrovj.petrov Member Posts: 282
    WOW, Microsoft patched XP as well. Didn't see that coming! icon_cheers.gif
  • Cert PoorCert Poor Member Posts: 240 ■■■□□□□□□□
    Me neither. It's a double-edged sword. I actually agree with MS for patching XP just to avoid a PR nightmare, but it only serves to disincentive shops from truly migrating away from XP. Actions aren't matching words. I'm still glad this hole's been patched but surprised it's been vulnerable since IE 6. Ancient history.
    In progress: MTA: Database Fundamentals (98-364)
    Next up: CompTIA Cloud Essentials+ (CLO-002) or LPI Linux Essentials (010-160)
    Earned: CompTIA A+, Net+, Sec+, Server+, Proj+
    ITIL-F v3 2011 | ServiceNow CSA, CAD, CIS | CWNP CWTS
Sign In or Register to comment.