Old 09-17-2012, 04:42 PM   #1
Doz
Maniac Drummer
Join Date: Feb 2008
Location: Florida
Posts: 3,017
Do not use IE7, 8 or IE9 until Microsoft fixes info

Latest IE Zero-Day Flaw Tied to Nitro Hackers and Recent Java Zero-Day Exploits

Source info
http://threatpost.com/en_us/blogs/la...xploits-091712


Security experts are warning enterprise and consumer users to stay away from Internet Explorer until Microsoft issues a patch for a new zero-day vulnerability in the browser. Active exploits have been discovered in the wild and are being linked to Nitro, the same group of hackers from China who were exploiting two Java zero-days in late August.

An exploit was developed over the weekend for the Metasploit exploit toolkit after the zero-day was found by researcher and Metasploit contributor Eric Romang. Romang discovered a new use-after-free vulnerability in IE was being exploited after monitoring some of the servers infected in the Java attacks.

IE 7, 8 and 9 are vulnerable on Windows XP, Vista and 7, researchers at Metasploit said.

“Since Microsoft has not released a patch for this vulnerability yet, Internet users are strongly advised to switch to other browsers such as Chrome or Firefox until a security update becomes available,” a post on the Metasploit community blog said. “The exploit had already been used by malicious attackers in the wild before it was published in Metasploit.”

Tod Beardsley, Metasploit Engineering Manager, said the vulnerability is similar to a buffer overflow.

“The gist of it is, if a user visits a website with the exploit on it, the attacker can run code of his choice in the context of the user,” Beardsley said. “Typically, you’ll get a command shell and you’ll be able to do anything the user can, such as delete or add files or change registry values.”

Romang had a busy weekend. Monitoring the infected servers on Saturday, he found four files in a /public/help folder. The files included an executable, two HTML files and a Flash movie. The movie would load upon a user landing on an infected webpage. The movie loads the executable and the other HTML page, dropping the executable onto the victim machine. He tested the files on a patched Windows XP Pro SP3 machine with a patched Adobe Flash player and was still infected, he said. Romang added that none of the files were detected by antimalware protection.

The IE zero-day comes on the heels of a zero-day in Oracle’s Java 7; exploits were being used in targeted attacks that installed a version of the Poison Ivy Remote Access Trojan on victim machines. Only Java 7 is vulnerable and exploits worked against fully patched Windows 7 machines with Java 7 update 6 running. Oracle has since patched both vulnerabilities in Java 7, update 7, but shortly after the fix was released, researchers found a new bug that allowed a complete Java sandbox escape.

Desktop and Windows admins have a busy time ahead of them. “I can confirm, the zero-day season is really not over yet,” Romang said.
__________________
I am a USAF Veteran and LoveUSA

Old 09-24-2012, 01:26 PM   #2
Doz

Windows update info on the IE fix

http://technet.microsoft.com/en-us/s...letin/ms12-063

Old 10-05-2012, 10:09 AM   #3
Doz

Windows update coming info

http://technet.microsoft.com/en-us/s...letin/ms12-oct

Old 12-15-2012, 09:45 PM   #4
Doz

A vulnerability in different versions of Microsoft's widely used browser Internet Explorer can allow hackers to track the movements of your mouse.

This can potentially reveal sensitive data introduced via virtual keyboards, which are used precisely to avoid data theft via another online threat: key stroke loggers. Spider.io found out that Internet Explorer versions 6 to 10 are vulnerable to this kind of exploitation. What's worse, hackers could potentially track your movements even if the I.E. window is minimized.

This vulnerability is also apparently easy to take advantage of. All a hacker needs to do is buy a display ad on any webpage and wait until a user visits it. If the tab remains open, the hacker has continuous access to your mouse movements.

The issue was discovered by Spider.io, a web analytics company, when it was studying new ways to measure the effectiveness of ads placed in different parts of webpages. Microsoft was warned of this issue in October, but there's no apparent plan to patch it yet.


Source

http://mashable.com/2012/12/14/inter...vulnerability/

This is why you should use Firefox

All times are GMT -5.