Forums | Albums | Social Groups |
|
General what nots post here things to help peeps. |
|
Thread Tools | Display Modes |
09-17-2012, 04:42 PM | #1 |
Maniac Drummer
Join Date: Feb 2008
Location: Florida
Posts: 3,017
|
Do not use IE7, 8 or IE9 until Microsoft fixes info
Latest IE Zero-Day Flaw Tied to Nitro Hackers and Recent Java Zero-Day Exploits
Source info http://threatpost.com/en_us/blogs/la...xploits-091712 Security experts are warning enterprise and consumer users to stay away from Internet Explorer until Microsoft issues a patch for a new zero-day vulnerability in the browser. Active exploits have been discovered in the wild and are being linked to Nitro, the same group of hackers from China who were exploiting two Java zero-days in late August. An exploit was developed over the weekend for the Metasploit exploit toolkit after the zero-day was found by researcher and Metasploit contributor Eric Romang. Romang discovered a new use-after-free vulnerability in IE was being exploited after monitoring some of the servers infected in the Java attacks. IE 7, 8 and 9 are vulnerable on Windows XP, Vista and 7, researchers at Metasploit said. “Since Microsoft has not released a patch for this vulnerability yet, Internet users are strongly advised to switch to other browsers such as Chrome or Firefox until a security update becomes available,” a post on the Metasploit community blog said. “The exploit had already been used by malicious attackers in the wild before it was published in Metasploit.” Tod Beardsley, Metasploit Engineering Manager, said the vulnerability is similar to a buffer overflow. “The gist of it is, if a user visits a website with the exploit on it, the attacker can run code of his choice in the context of the user,” Beardsley said. “Typically, you’ll get a command shell and you’ll be able to do anything the user can, such as delete or add files or change registry values.” Romang had a busy weekend. Monitoring the infected servers on Saturday, he found four files on a /public/help folder. The files included an executable, two HTML files and a Flash movie. The movie would load upon a user landing on an infected webpage. The movie loads the executable and the other HTML page, dropping the executable onto the victim machine. He tested the files on a patched Windows XP Pro SP3 machines with a patched Adobe Flash player and was still infected, he said. Romang added that none of the files were detected by antimalware protection. The IE zero-day comes on the heels of a zero-day in Oracle’s Java 7; exploits were being used in targeted attacks that installed a version of the Poison Ivy Remote Access Trojan on victim machines. Only Java 7 is vulnerable and exploits worked against fully patched Windows 7 machines with Java 7 update 6 running. Oracle has since patched both vulnerabilities in Java 7, update 7, but shortly after the fix was released, researchers found a new bug that allowed a complete Java sandbox escape. Desktop and Windows admin have a busy time ahead of them. “I can confirm, the zero-day season is really not over yet,” Romang said.
__________________
I am a USAF Veteran and LoveUSA |
09-24-2012, 01:26 PM | #2 |
Maniac Drummer
Join Date: Feb 2008
Location: Florida
Posts: 3,017
|
__________________
I am a USAF Veteran and LoveUSA |
10-05-2012, 10:09 AM | #3 |
Maniac Drummer
Join Date: Feb 2008
Location: Florida
Posts: 3,017
|
__________________
I am a USAF Veteran and LoveUSA |
12-15-2012, 09:45 PM | #4 |
Maniac Drummer
Join Date: Feb 2008
Location: Florida
Posts: 3,017
|
A vulnerability in different versions of Microsoft's widely used browser Internet Explorer can allow hackers to track the movements of your mouse.
This can potentially reveal sensitive data introduced via virtual keyboards, which are used precisely to avoid data theft via another online threat: key stroke loggers. Spider.io found out that Internet Explorer versions 6 to 10 are vulnerable to this kind of exploitation. What's worse, hackers could potentially track your movements even if the I.E. window is minimized. This vulnerability is also apparently easy to take advantage of. All a hacker needs to do is buy a display ad on any webpage and wait until a user visits it. If the tab remains open, the hacker has continuous access to your mouse movements. SEE ALSO: Mac Computers Get Malicious Fake-Installer Trojan for First Time The issue was discovered by Spider.io, a web analytics company, when it was studying new ways to measure the effectiveness of ads placed in different parts of webpages. Microsoft was warned of this issue in October, but there's no apparent plan to patch it yet. Source http://mashable.com/2012/12/14/inter...vulnerability/ This is why you should use Firefox
__________________
I am a USAF Veteran and LoveUSA |
Currently Active Users Viewing This Thread: 7 (0 members and 7 guests) | |
|
|
Similar Threads | ||||
Thread | Thread Starter | Forum | Replies | Last Post |
Window Update Info you need to KNOW | Doz | Computer Help | 33 | 11-12-2014 03:36 PM |
Windows 8 info | Doz | General Discussion | 7 | 02-08-2013 07:51 AM |
Microsoft Releases Windows 7 SP1 | Doz | How To Fix It | 0 | 02-24-2011 11:11 AM |
Microsoft warns of new Windows zero-day bug | Doz | How To Fix It | 0 | 01-30-2011 05:48 PM |
Access the Windows Update Catalog | Doz | Computer Help | 1 | 12-29-2009 04:53 PM |
Powered by vBulletin® Version 3.8.1 Copyright ©2000 - 2024, Jelsoft Enterprises Ltd. |