DV Hardware - bringing you the hottest news about processors, graphics cards, Intel, AMD, NVIDIA, hardware and technology!
   Home | News submit | News Archives | Reviews | Articles | Howto's | Advertise
DarkVision Hardware - Daily tech news
June 18, 2019 
Main Menu
News archives

Who's Online
There are currently 173 people online.


Latest Reviews
Ewin Racing Flash gaming chair
Arctic BioniX F120 and F140 fans
Jaybird Freedom 2 wireless sport headphones
Ewin Racing Champion gaming chair
Zowie P-TF Rough mousepad
Zowie FK mouse
BitFenix Ronin case
Ozone Rage ST headset

Follow us

Critical exploit found in IE8 and earlier

Posted on Monday, December 31 2012 @ 12:41:52 CET by

Microsoft logo
Microsoft issued a security advisory on TechNet to warn for a new exploit that affects Internet Explorer 6, 7 and 8. The vulnerability allows attackers to perform remote code execution if users visit a malicious website. ARS Technica writes the exploit became public after the website of the Council of Foreign Relations was hacked and compromised with JavaScript code that served malicious code to older IE browsers whose language was set to “English (US), Chinese (China), Chinese (Taiwan), Japanese, Korean, or Russian. The code then created a heap-spray attack using Adobe Flash Player. Microsoft advises to upgrade to a newer version of IE and provides the following workarounds in case an upgrade isn't possible:
While we are actively working to develop a security update to address this issue, we encourage customers using affected versions of Internet Explorer to deploy the following workarounds and mitigations included in the advisory to help protect themselves:

  • Set Internet and local intranet security zone settings to "High" to block ActiveX Controls and Active Scripting in these zones
    This will help prevent exploitation but may affect usability; therefore, trusted sites should be added to the Internet Explorer Trusted Sites zone to minimize disruption.
  • Configure Internet Explorer to prompt before running Active Scripting or to disable Active Scripting in the Internet and local intranet security zones
    This will help prevent exploitation but can affect usability, so trusted sites should be added to the Internet Explorer Trusted Sites zone to minimize disruption.
  • Deploy the Enhanced Mitigation Experience Toolkit (EMET)
    This will help prevent exploitation by providing mitigations to protect against this issue and should not affect usability of websites. An easy guide for EMET installation and configuration is available in KB2458544.
  • Internet Explorer 9 and 10 are not affected by this issue.



    DV Hardware - Privacy statement
    All logos and trademarks are property of their respective owner.
    The comments are property of their posters, all the rest © 2002-2019 DM Media Group bvba