IE8 zero day vulnerability
Vulnerability in Internet Explorer Could Allow Remote Code Execution (Published: Friday, May 03, 2013)
http://technet.microsoft.com/en-us/security/advisory/2847140
Microsoft is investigating public reports of a vulnerability in Internet Explorer 8. Microsoft is aware of attacks that attempt to exploit this vulnerability.
IE 6, 7, 9, 10 are not affected.
Temporary FixIt workaround available http://support.microsoft.com/kb/2847140
Similar Messages
-
Patch for the lastest zero day vulnerability
Hi
Microsoft has released a patch for the latest zero day vulnerability. In the page
https://support.microsoft.com/kb/2887505 it is written:
"You must have security update 2870699 installed for this Fix it to provide effective protection against this issue."
Question: What happens if this path is installed and 2870699 has not been installed yet?
a: Will not provide effective protection against this issue before 2870699 has been installed - but work fine when it has been installed?
or
b: Will never provide effective protection against this issue if 2870699 is installed after the fix in 2887505.
Thanks in advance
Best regards HaraldHi,
This fixit is a appcompat shim, performs as a temporary Advanced Workaround to help protect against attempts to exploit this vulnerability. I think
it is recommended to install the two updates in sequence just as described in the KB.
To better understand this, I’d like to share the following articles with you:
CVE-2013-3893: Fix it workaround available
http://blogs.technet.com/b/srd/archive/2013/09/17/cve-2013-3893-fix-it-workaround-available.aspx
Regards,
Yolanda -
New Zero Day Vulnerability - does it impact Reader 8.3.1
I recognize EOL for Reader 8.x was November, but I need to know if this new vulnerability impacts users of Reader 8.3.1.
Thank you, and yes, but it does not specifically say if version 8.3.1 is
impacted (that I can tell)
Melissa Ryden
[signature removed by host]
From: Claudio González <[email protected]>
To: [email address removed by host]
Date: 12/08/2011 11:24 AM
Subject: Re: New Zero Day Vulnerability - does it impact Reader 8.3.1 New Zero Day Vulnerability - does it impact
Reader 8.3.1
Re: New Zero Day Vulnerability - does it impact Reader 8.3.1
created by Claudio González in Adobe Reader - View the full discussion
Did you see this Warning?
http://forums.adobe.com/thread/934058?tstart=0
Replies to this message go to everyone subscribed to this thread, not
directly to the person who posted the message. To post a reply, either
reply to this email or visit the message page: [
http://forums.adobe.com/message/4071814#4071814]
To unsubscribe from this thread, please visit the message page at [
http://forums.adobe.com/message/4071814#4071814]. In the Actions box on
the right, click the Stop Email Notifications link.
Start a new discussion in Adobe Reader by email or at Adobe Forums
For more information about maintaining your forum email notifications
please go to http://forums.adobe.com/message/2936746#2936746. -
I was wondering if anyone has done the following and if so did it break anything?
We are just in the process of deciding if this needs to be deployed to our entire estate and I am looking at the risks involved
Any advise on this will be appreciated
Unregister VGX.DLL
For 32-bit Windows systems
Important: For this workaround to take effect, you MUST run it from an elevated command prompt.
From an elevated command prompt enter the following command:
Copy
"%SystemRoot%\System32\regsvr32.exe" -u "%CommonProgramFiles%\Microsoft Shared\VGX\vgx.dll"
A dialog box should appear after the command is run to confirm that the un-registration process has succeeded. Click
OK to close the dialog box.
Close and reopen Internet Explorer for the changes to take effect.This issue was resolved by deploying the hotfix that Microsoft released that same day.
-
Leaked Flash Zero Day Likely to be Exploited by Attackers
SURPRISE! There's a Flas 0-Day exploit.If you're not following ourSecurity Responseteam by now (also at@threatintel)you probably should.Whether you are a Symantec user or not, the men and women of this team are out there fighting the good fight every day and bringing the information to you. Dig it:Leaked Flash Zero Day Likely to be Exploited by Attackers
Proof-of -concept code to unpatched vulnerability published after breach at hackers-for-hire company.Symantec has confirmed the existence of a new zero-day vulnerability in Adobe Flash which could allow attackers to remotely execute code on a targeted computer. Since details of the vulnerability are now publicly available, it is likely attackers will move quickly to exploit it before a patch is issued.Details of the vulnerability surfaced following acyberattack against the controversial...
This topic first appeared in the Spiceworks CommunityLooks like it's there now
# pacman -Syu
:: Synchronizing package databases...
core is up to date
extra 377.0K 429.6K/s 00:00:01 [##############################################] 100%
community 370.0K 271.5K/s 00:00:01 [##############################################] 100%
:: Starting full system upgrade...
resolving dependencies...
looking for inter-conflicts...
Targets (15): brltty-4.0-1 xulrunner-1.9.1.1-1 firefox-3.5.1-1 lib32-glibc-2.10.1-3
lib32-e2fsprogs-1.41.8-1 lib32-gcc-libs-4.4.0-5 lib32-libgl-7.4.4-1 lib32-libjpeg-7-1
lib32-libxml2-2.7.3-2 lib32-libxt-1.0.6-1 lib32-mesa-7.4.4-1 recode-3.6-3 enca-1.9-4
libass-0.9.6-2 vlc-1.0.0-5
Total Download Size: 41.50 MB
Total Installed Size: 143.15 MB
Proceed with installation? [Y/n] -
Yet another Adobe Flash Player zero-day discovered from the Hacking Team breach.
Thanks for the heads up Symantec Matt.
Aaaahhhh yes... remember when an entire day could by without news of a breach or hack or targeted attack? Yeah... neither do I.It will probably shock you all to hear that the Symantec Security Response team dropped a new blog over the weekend outlining a Zero-Day vulnerability in Adobe Flash player. Dig it:Second PoC Exploit for Adobe Flash Player Discovered After the Hackers-for-Hire Company Breach
Yet another Adobe Flash Player zero-day discovered from the Hacking Team breach.Symantec is aware of a second vulnerability (CVE-2015-5122) in Adobe Flash Player that’s associated withHacking Team, the Italian company which recently suffered a major data breach. The existence of the unpatched vulnerability has been confirmed by Adobein itssecurity bulletin.Symantec’s analysis has confirmed that the vulnerability can be successfully exploited...
This topic first appeared in the Spiceworks Community -
Virus/Malware Solution Recommended For Flash Zero Day Breach
Can anyone recommend a virus/malware protection solution. I attempted to download adobe flash this morning and now malware has control of my browser and is sending a page with an 866 number to call. My IT tech called the number and it is an India call center and they want remote access to your machine. I have installed several different malware packages and none of them can find the files that are causing this problem. I am using a MAC with OSX 10.10.
Aaaahhhh yes... remember when an entire day could by without news of a breach or hack or targeted attack? Yeah... neither do I.It will probably shock you all to hear that the Symantec Security Response team dropped a new blog over the weekend outlining a Zero-Day vulnerability in Adobe Flash player. Dig it:Second PoC Exploit for Adobe Flash Player Discovered After the Hackers-for-Hire Company Breach
Yet another Adobe Flash Player zero-day discovered from the Hacking Team breach.Symantec is aware of a second vulnerability (CVE-2015-5122) in Adobe Flash Player that’s associated withHacking Team, the Italian company which recently suffered a major data breach. The existence of the unpatched vulnerability has been confirmed by Adobein itssecurity bulletin.Symantec’s analysis has confirmed that the vulnerability can be successfully exploited...
This topic first appeared in the Spiceworks Community -
Researchers reveal attack code for new IE zero-day...
Until this is patched all versions of Internet Explorer including IE8 on Windows 7 are vulnerable.
Researchers reveal attack code for new IE zero-day
Try to avoid using Internet Explorer until patched, I'd rather warn people now than let the Holodays etc be ruined.
Merry Christmas & Happy New Year.
"I have this awful feeling someone is watching every move I make (one of my pet hates is router location tagging)." Marvin (A paranoid Android)Rottie wrote:
Not being smug, but this is one of the many reasons why I personally prefer to use an open source browser. Fix times for "exploits" tend to be a lot faster.
Seasons greetings to you, too.
I only unlock IE when applying Windows Security Patches, otherwise I use a variety of locked down Browsers,
The purpose of my post however was to warn those that use IE through choice or other than that at their workplace.
Again Seasons Greeting to you.
"I have this awful feeling someone is watching every move I make (one of my pet hates is router location tagging)." Marvin (A paranoid Android) -
Is the Java "Zero-Day" bug dangerous for MountainLion users?
Is the Java "Zero-Day" bug dangerous for MountainLion users?
It is not yet dangerous, to my knowledge, as it is currently being used only to distribute Windows malware. But users of Java 7 are certainly vulnerable, should a hacker start distributing Mac malware through this vulnerability.
For more info, see:
http://www.reedcorner.net/new-unpatched-java-vulnerability-discovered/ -
Warning: Zero Day exploit in the wild targeting Adobe Reader 9.4.6
Adobe has just released details of a Zero Day exploit targeting Reader version 9.4.6, details here: http://blogs.adobe.com/asset/2011/12/background-on-cve-2011-2462.html
An independent site called H Security also has some background info on the subject which, to a lesser degree, also affects 10.1.1: http://www.h-online.com/security/news/item/New-Adobe-Reader-zero-day-in-the-wild-1391441.h tmlSo here we are now sitting pretty with Reader updated to 9.4.7
However, once again, this update has FAILED to address the issue with the Firefox plugin which remains as 9.4.5.236
So anybody who unwittingly updates Reader to 9.4.7 but doesn't notice that the Firefox plugin remains as 9.4.5.236 is going to have a nasty surprise if they happen to land on a malware infested site!
The only workaround here is to disable the plugin in the Firefox Add-ons manager which you can access by hitting CTRL+SHIFT+A. Go to the Plugins menu and click the "Disable" button to the right on the Reader installation. This means you will be unable to read PDF files in the Firefox browser and will instead be presented with the option to download them to your own machine. If however you choose to open them with the disabled plugin, it will once again remain enabled until you manually disable it again, so be careful. -
What's up with Java Zero Day, and is Snow Leopard endangered?
That.
Patched or not and regardless of the version, I'd keep Java disabled, period. Best place for Java is shackled, locked up and caged.
http://krebsonsecurity.com/2012/08/attackers-pounce-on-zero-day-java-exploit/
If you do not need Java, get rid of it, and if you do need it for specific applications or sites, limit your use of Java to those sites and applications, using a secondary browser for that purpose. -
It crashes when we call the Navigate method (see below). This has worked for many years in all previous windows environmnets but is crashing on windows 7 since OLE Zero Day Patch (Nov 12).
(IDispatch(GetOleObject) as IWebBrowser2).Navigate(URL, EmptyParam, EmptyParam, EmptyParam, EmptyParam)
What can we do to rectify this problem.
Thanks
Jim Clark
jim@m&&&&.com.au
61 03 9&&& 0086Hello Jim Clark,
Please temporarily uninstall the Update and check if this issue still exists.
For the methods not work and how to debug it, please consider seek help at the developer forum for more professional help.
Thank you for your understanding.
Best regards,
Fangzhou CHEN
Fangzhou CHEN
TechNet Community Support -
Zero-day exploit patch for Reader 9?
Any word on the zero-day exploit patch for Reader 9?
Yes, Claudio, thanks for the reply. I may be a little overly anxious in asking because, while I realize the patch is expected sometime this week, I have grown accustomed to Tuesday releases. Meanwhile our security team wants us to patch this exploit ASAP. I was just wondering if there were any updates on the expected release other than "this week."
-
I have used photoshop for several months now when I login, I have lost all my fonts and actions... it is saying I have zero days left in my trial...
Hi rachel,
Please refer to the help document below:
Creative Cloud applications unexpectedly revert to trial mode | CS6, CCM
Regards,
Sheena -
Snap! Zero-day flaw in Intel chips, Verizon's new plan, and spy-grade malware
A daily dose of today's top tech stories:Researchers at Black Hat demonstrate rootkit exploit in Intel processors –Every Intel processor released since 1997 has suffered from a vulnerability that"could grant someone access to the lowest-level firmware in a PC,"according to sources.The target is the System Management Mode, which "handles system errors and grants control to various subsystems, such as power." Intel has confirmed that it is working to patch the flaw.
Verizon changes everything –Competition between the major four cellular providers in the US has beenramping up over the past four years, and consumers are reaping the benfits. Take today's news: Verizon will be axing its contract model and moving to a month-by-month payment plan.According to CNET, there "are no single-line options orfamily plans [under Verizon's new plan]."...
This topic first appeared in the Spiceworks CommunityMy daughter has had her Razr for about 9 months now. About two weeks ago she picked up her phone in the morning on her way to school when she noticed two cracks, both starting at the camera lens. One goes completely to the bottom and the other goes sharply to the side. She has never dropped it and me and my husband went over it with a fine tooth comb. We looked under a magnifying glass and could no find any reason for the glass to crack. Not one ding, scratch or bang. Our daughter really takes good care of her stuff, but we still wanted to make sure before we sent it in for repairs. Well we did and we got a reply from Motorola with a picture of the cracks saying this was customer abuse and that it is not covered under warranty. Even though they did not find any physical damage to back it up. Well I e-mailed them back and told them I did a little research and found pages of people having the same problems. Well I did not hear from them until I received a notice from Fed Ex that they were sending the phone back. NOT FIXED!!! I went to look up why and guess what there is no case open any more for the phone. It has been wiped clean. I put in the RMA # it comes back not found, I put in the ID #, the SN# and all comes back not found. Yet a day earlier all the info was there. I know there is a lot more people like me and all of you, but they just don't want to be bothered so they pay to have it fix, just to have it do it again. Unless they have found the problem and only fixing it on a customer pay only set up. I am furious and will not be recommending this phone to anyone. And to think I was considering this phone for my next up grade! NOT!!!!
Maybe you are looking for
-
I can print to a Lexmark X4550, but not scan (with Image Capture)
Following tips (by "Lexmark Listens" and others) I succeded in printing (via USB and wifi) to a Lexmark X4550. But when scanning (via USB) using the Image Capture app (included in Mac OS), Image Capture sees the scanner a couple of seconds, then comp
-
When converting a document on Pages to PDF, is there a way to shrink the size of the PDF document?
-
Phone thinks it's connected to an accessory
My phone keeps popping up a dialog box saying that this accessory is not made for an iPhone and do I want airplane mode. It suddenly started doing this several times an hour. Also the call volume is diminished. I have nothing connected. Any ideas? TI
-
I am trying to install Photoshop CC on a Mac Pro running OS 9. I have installed Creative Cloud desktop and have successfully downloaded and installed Lightroom CC. When I attempt to install Ps CC, the application completes 42% of the process, then di
-
Render table with some of the rows unselectable
Hi all, I am using JSF for GUI development, i have a requirement wherein i want to render a table which has a column of checkboxes for selecting row(s) in addition to that i want that when the table is rendered based on some condition, for some of th