Vulnerability in Internet Explorer Could Allow Remote Code Execution

Started by Eric the Red, December 11, 2008, 12:12:42 PM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

Print
Go Down Pages1
User actions

Eric the Red

December 11, 2008, 12:12:42 PM
Please read Microsoft Security Advisory (961051) for details of a new IE vulnerability

QuoteMicrosoft is investigating new public reports of attacks against a new vulnerability in Internet Explorer. Our investigation so far has shown that these attacks are against Windows Internet Explorer 7 on supported editions of Windows XP Service Pack 2, Windows XP Service Pack 3, Windows Server 2003 Service Pack 1, Windows Server 2003 Service Pack 2, Windows Vista, Windows Vista Service Pack 1, and Windows Server 2008.

Full details of the alert may be found at:

http://www.microsoft.com/technet/security/advisory/961051.mspx
"The time to start running is around about the "e" in "Hey, you!" "

Eric the Red

#1
December 12, 2008, 09:41:15 PM
The advisory has been updated:-

Quote from: http://www.microsoft.com/technet/security/advisory/961051.mspxOur investigation so far has shown that these attacks are only against Windows Internet Explorer 7 on supported editions of Windows XP Service Pack 2, Windows XP Service Pack 3, Windows Server 2003 Service Pack 1, Windows Server 2003 Service Pack 2, Windows Vista, Windows Vista Service Pack 1, and Windows Server 2008. Microsoft Internet Explorer 5.01 Service Pack 4, Microsoft Internet Explorer 6 Service Pack 1, Microsoft Internet Explorer 6, and Windows Internet Explorer 8 Beta 2 on all supported versions of Microsoft Windows are potentially vulnerable.

In other words, the following may be susceptible to the same attack should the attackers target them


  • Internet Explorer 5.01 SP4
  • Internet Explorer 6
  • Internet Explorer 6 SP1
  • Internet Explorer 8 Beta 2

Don't panic yet but watch out for news on this.
"The time to start running is around about the "e" in "Hey, you!" "

Frands

#2
December 16, 2008, 09:35:44 PM
Hi  :)

FYI:

BBC News 09:20 GMT, Tuesday, 16 December 2008

QuoteUsers of Microsoft's Internet Explorer are being urged by experts to switch to a rival until a serious security flaw has been fixed.

The flaw in Microsoft's Internet Explorer could allow criminals to take control of people's computers and steal their passwords, internet experts say.

Microsoft urged people to be vigilant while it investigated and prepared an emergency patch to resolve it.

Further reading: http://news.bbc.co.uk/2/hi/technology/7784908.stm


QuoteMICROSOFT SECURITY ADVICE
Change IE security settings to high (Look under Tools/Internet Options)
Switch to a Windows user account with limited rights to change a PC's settings
With IE7 or 8 on Vista turn on Protected Mode
Ensure your PC is updated
Keep anti-virus and anti-spyware software up to date
Our greatest glory is not in never falling but in rising every time we fall.
- Confucius
-----
Trend Micro Internet Security


Home Forums:
https://www.landzdown.com/
http://securitygarden.blogspot.dk/
https://www.classicrockforums.com/

Aaron Hulett

#3
December 16, 2008, 10:12:09 PM
Out of band update scheduled for tomorrow.

Microsoft Security Bulletin Advance Notification for December 2008 - December 16, 2008
This is an advance notification of an out-of-band security bulletin that Microsoft is intending to release on December 17, 2008.
http://www.microsoft.com/technet/security/Bulletin/ms08-dec.mspx

Eric the Red

#4
December 17, 2008, 10:02:28 AM
I have merged these two topics into one as they both relate to the same IE vulnerability.
"The time to start running is around about the "e" in "Hey, you!" "

Eric the Red

#5
December 17, 2008, 06:57:51 PM
As stated above, an update for this issue is now available, more details at:

kb960714
"The time to start running is around about the "e" in "Hey, you!" "
Print
Go Up Pages1
User actions