DV Hardware bringing you the hottest news about processors, graphics cards, Intel, AMD, NVIDIA, ATi, hardware and technology!

   Home | News submit | News Archives | Reviews | Articles | Howto's | Advertise
 
DarkVision Hardware - Daily tech news
May 19, 2013 
Main Menu

Home
Info
News archives
Links
Articles
Howto
Reviews
 

Who's Online
There are currently 100 people online.
 

Latest Reviews
Antec soundscience halo 6 LED bias lighting kit
Noctua NM-I3 SecuFirm2 Mounting Kit
Two months with Windows 8
Cooler Master Silencio 650
CM Storm QuickFire TK mechanical keyboard
Kingston HyperX 3K 240GB SSD
Sennheiser HD 555
ROCCAT Pyra Wireless mouse
 

RSS
RSS





 

Zero-day IE flaw also impacts Windows 7

Posted on Tuesday, September 18 2012 @ 18:39:45 CEST by


Microsoft logo
Yesterday I wrote about a zero-day security bug in Internet Explorer 7 and 8 that's being actively exploited by cybercriminals. The bug was thought to affect only these older versions of Internet Explorer, but new information points out that Internet Explorer 9 is also vulnerable, meaning Windows Vista and Windows 7 systems are also at risk of being infected.

The only version of Internet Explorer that's not vulnerable is IE10, but this browser is currently only available in the Windows 8 release previews. Microsoft investigated the issue and said it's working on a patch, but did not confirm whether it would be an out-of-cycle update. Given the high risk and the fact that the bug is already actively being exploited, it seems likely that the patch will be rolled out asap.
"We have received reports of only a small number of targeted attacks and are working to develop a security update to address this issue," blogged Yunsun Wee, director of the Microsoft Trustworthy Computing Group.
In a security advisory, Microsoft explains the bug is related to the way Internet Explorer accesses an object that has been deleted or has not been properly allocated. The vulnerability allows attackers to corrupt memory in a way that enables the execution of arbitrary code. By serving a specially crafted website, cybercriminals can exploit the vulnerability to infect a victim's PC with malware.

Until a patch is available, Microsoft recommends the following mitigations:
  • Deploy the Enhanced Mitigation Experience Toolkit (EMET)
  • Set Internet and local intranet security zone settings to "High" to block ActiveX controls and Active Scripting, and add trusted sites to the Trusted Sites zone to minimize your browsing disruption.
  • Configure IE to prompt before running Active Scripting or to disable Active Scripting in the Internet Explorer and local intranet security zones. This also affects usability, so MS recommends to add trusted sites to the Trusted Sites zone to minimize disruption.
    • Alternatively, you can also (temporarily) switch to another browser like Firefox or Chrome.


    		 


     

    DV Hardware - Privacy statement
    All logos and trademarks are property of their respective owner.
    The comments are property of their posters, all the rest © 2002-2013 DM Media Group bvba