DV Hardware bringing you the hottest news about processors, graphics cards, Intel, AMD, NVIDIA, hardware and technology!

   Home | News submit | News Archives | Reviews | Articles | Howto's | Advertise
 
DarkVision Hardware - Daily tech news
August 23, 2017 
Main Menu
Home
Info
News archives
Articles
Howto
Reviews
 

Who's Online
There are currently 83 people online.

 

Latest Reviews
Zowie P-TF Rough mousepad
Zowie FK mouse
BitFenix Ronin case
Ozone Rage ST headset
Lamptron FC-10 SE fan controller
ZOWIE G-TF Rough mousepad
ROCCAT Isku FX gaming keyboard
Prolimatech Magnetic Pin
 

Follow us
RSS
 

Critical exploit found in IE8 and earlier

Posted on Monday, December 31 2012 @ 12:41:52 CET by


Microsoft logo
Microsoft issued a security advisory on TechNet to warn for a new exploit that affects Internet Explorer 6, 7 and 8. The vulnerability allows attackers to perform remote code execution if users visit a malicious website. ARS Technica writes the exploit became public after the website of the Council of Foreign Relations was hacked and compromised with JavaScript code that served malicious code to older IE browsers whose language was set to “English (US), Chinese (China), Chinese (Taiwan), Japanese, Korean, or Russian. The code then created a heap-spray attack using Adobe Flash Player. Microsoft advises to upgrade to a newer version of IE and provides the following workarounds in case an upgrade isn't possible:
While we are actively working to develop a security update to address this issue, we encourage customers using affected versions of Internet Explorer to deploy the following workarounds and mitigations included in the advisory to help protect themselves:

  • Set Internet and local intranet security zone settings to "High" to block ActiveX Controls and Active Scripting in these zones
    This will help prevent exploitation but may affect usability; therefore, trusted sites should be added to the Internet Explorer Trusted Sites zone to minimize disruption.
  • Configure Internet Explorer to prompt before running Active Scripting or to disable Active Scripting in the Internet and local intranet security zones
    This will help prevent exploitation but can affect usability, so trusted sites should be added to the Internet Explorer Trusted Sites zone to minimize disruption.
  • Deploy the Enhanced Mitigation Experience Toolkit (EMET)
    This will help prevent exploitation by providing mitigations to protect against this issue and should not affect usability of websites. An easy guide for EMET installation and configuration is available in KB2458544.
  • Internet Explorer 9 and 10 are not affected by this issue.



     



     

    DV Hardware - Privacy statement
    All logos and trademarks are property of their respective owner.
    The comments are property of their posters, all the rest © 2002-2017 DM Media Group bvba