"Hackers targeting newly discovered flaw in Internet Explorer

This is what is known as a “zero-day” threat because there was zero time between the discovery of the vulnerability and the first attack by someone exploiting it.

The flaw relies on a well-known flash exploitation technique to bypass Windows security protection. Once the bad guys are in, they can install malicious software without users knowing."
...

http://www.washingtonpost.c...-explorer/?tid=hp_mm


The vulnerability is in all IE versions 6-11

[This message has been edited by 2.5 (edited 04-28-2014).]

Yeah, just 2 weeks after support for XP is terminated, they suddenly "discover" this security flaw. The cynical part of me thinks they knew before XP support ended, just another way to force the purchase of newer software. With 20% of computers still running XP, they ought to fix this for XP users too.

Does Firefox have a version compatible with XP? If so, I would think this is a pretty easy fix for those folks.

Shouldn't surprise anyone. IE has a long history of Zero Day bugs.
Flash has yet another one this week too.

quote Originally posted by fastblack: Does Firefox have a version compatible with XP? If so, I would think this is a pretty easy fix for those folks.

Yes But Flash bug affect most browsers...

------------------
Dr. Ian Malcolm: Yeah, but your scientists were so preoccupied with whether or not they could, they didn't stop to think if they should.
(Jurassic Park)

The Ogre's Fiero Cave (It's also at the top and bottom of every forum page...)

seriously.. people still use windows explorer?

Apparently, this is a very serious threat. So serious that the Department of Homeland Security warns against using Internet Explorer until the bug is patched. In addition, several other governments (like the British and Dutch governments) have advised the same thing. Some IT experts even predict this may be the nail in Microsoft's coffin.

One thing's for sure. XP users will not receive a patch, even though it's estimated that 15%-30% of all PC's world wide still run XP.

Is it safe to have I.E. installed but not use it? Or should it be somehow removed?

quote Originally posted by 2.5: Is it safe to have I.E. installed but not use it? Or should it be somehow removed?

Most/all no choice.
IE runs many services like Window Update site, most/all MS Cloud services, etc.

Any browser isn't much safer, if any, then IE. Browser themselves or plugins causes problems.
All uses Flash Player and that has repeatedly zero days bugs too.
Adobe's Flash Player gets an emergency update (computerworld, posted April 28, 2014 01:37 PM ET)

Heartbleed is old news? Nope. That bug affect many things, not just web sites.
Example It’s Crazy What Can Be Hacked Thanks to Heartbleed (Wired)

I just got a security update for internet explorer, anybody else get this on may 1st?

Edit,,, Yes, Microsoft decided to update IE and even for XP users.

http://krebsonsecurity.com/...y-includes-xp-users/

[This message has been edited by jetman (edited 05-01-2014).]

Disclaimer: Part of my job working for a smart metering firm involves wide-scale penetration testing of various applications for high security environments. So my statements below reflect only experience gathered by that testing. It is in no way to be construed as legal advice, and I do not take any responsibility for any actions you take in response to the information left below.

The Flash bug is part in parcel of the IE bug. The other issue is the vector markup language rendering engine IE uses. Unregistering VGX.dll will remove the second attack vector utilized in this situation. There are others via Java and ActiveX controls, but Flash and the VML vulnerabilities are the two biggest ones. This ZD is being patched quickly because it has an effect on so many versions of the browser and windows as a whole. However, this should be everyone's wake-up to stop using IE in general. It's never been standards-compliant, the code-base has always been an amalgamation of flatly embarrassing flaws and inefficiencies, and really should be considered the red-headed step-child of the browser world to be avoided like it has every plague the human race has ever known. And some it has yet to discover. Microsoft is only now trying to save face by retroactively allowing XP to receive the patch as well.

quote Originally posted by Ravant: The Flash bug is part in parcel of the IE bug.

This time.
Flash, Acrobat (Full and Reader), and other Adobe products have a long history of security bugs and affects 1, 2, or all browsers or w/o any browser.
Acrobat have problems with and w/o any browser.
Many sites are useless w/o Flash plug-in and worse, many sites use Flash cookies to add to or bypass Browser cookies rules.

Same for Java... I got tried of one ZD bug after another so I dumped old menu. Menu I use now works even when J-Scipt is off.
My main system hasn't use Java ever since. Not even installed.
(Reminder to everyone... If used Java only to access my cave then Remove Java.)