Microsoft released Security Advisory 2458511 which relates to a vulnerability in Internet Explorer that could allow remote code execution. The vulnerability does not affect IE9 Beta but the other versions of IE are affected.
As indicated in the MSRC Blog, the impact of this vulnerability is extremely limited. Microsoft is not aware of any affected customers. From the report it was indicated that the exploit code was discovered on a single website which is no longer hosting the malicious code.
the impact of this vulnerability is extremely limited
Humm, not yet on windows update...Dep is enable here but guess:
"At this time, we are aware of targeted attacks attempting to use this vulnerability. We will continue to monitor the threat environment and update this advisory if this situation changes. On completion of this investigation, Microsoft will take the appropriate action to protect our customers, which may include providing a solution through our monthly security update release process, or an out-of-cycle security update, depending on customer needs."
Unless it is a fairly "simple" fix, next week may be a bit premature. It takes time to go through all the test scenarios and then do all the translations.
I un-ticked IE 8 from the installed feature list. Would my computer still be vulnerable to this?
Corrine said:
Unless it is a fairly "simple" fix, next week may be a bit premature. It takes time to go through all the test scenarios and then do all the translations.
The exploit code was discovered on a single website which is no longer hosting the malicious code. When a website is discovered to host malicious software, we work through legal channels to take the site down. {Bold added}
Computer Type: PC/Desktop System Manufacturer/Model Number: Home made Desktop OS: Windows 10 Pro. 64/ version 1709 Windows 7 Pro/64 CPU: Intel i7-6800K @ 4.3 Motherboard: ASUS X-99 Deluxe II Memory: Corsair Platinum 16 gig @2400 Graphics Card: EVGA GTX 1070 OC Monitor(s) Displays: Asus 27" LED LCD/VE278Q Screen Resolution: 1920-1080 or 1280-720 HDMI Keyboard: Das 4 Professional Mouse: Logitech M705/MX Anywhere 2-S PSU: EVGA Platium 1200W Case: Phanteks Luxe Tempered Glass 8 fans/ one radiator Cooling: XSPC/ Water Cooled CPU Hard Drives: INTEL SSD 730-240 Gb Sata 3.0/ Internet Speed: 100 mbits Browser: I.E. 11 default/Firefox/ ISP Time Warner Cable/Spectrum Antivirus: Microsoft Security Essentials/ Malwarebytes Premium 3.0/ SAS Other Info: LG BluRay Burner/
Sound system-KLipsch-THX/
Icy Dock ssd Hot Swap bays.
Microsoft doesn't and cannot do it alone, Layback Bear. The infected website could have been discovered by Microsoft, by one of the 70 MAPP partners, through responsible disclosure. Take a look at the acknowledgments at the bottom of the October Security Bulletin Release. There is a list of about 30 researchers who provided information.
The responsibility for Microsoft's products rests with Microsoft alone, and we take that responsibility very seriously. However, there has traditionally been an unwritten rule among security professionals that the discoverer of a security vulnerability has an obligation to give the vendor an opportunity to correct the vulnerability before publicly disclosing it. This serves everyone's best interests, by ensuring that customers receive comprehensive, high-quality patches for security vulnerabilities but are not exposed to malicious users while the patch is being developed. Once customers are protected, public discussion of the vulnerability is entirely in order, and helps the industry at large improve its products.
Computer Type: PC/Desktop System Manufacturer/Model Number: Home made Desktop OS: Windows 10 Pro. 64/ version 1709 Windows 7 Pro/64 CPU: Intel i7-6800K @ 4.3 Motherboard: ASUS X-99 Deluxe II Memory: Corsair Platinum 16 gig @2400 Graphics Card: EVGA GTX 1070 OC Monitor(s) Displays: Asus 27" LED LCD/VE278Q Screen Resolution: 1920-1080 or 1280-720 HDMI Keyboard: Das 4 Professional Mouse: Logitech M705/MX Anywhere 2-S PSU: EVGA Platium 1200W Case: Phanteks Luxe Tempered Glass 8 fans/ one radiator Cooling: XSPC/ Water Cooled CPU Hard Drives: INTEL SSD 730-240 Gb Sata 3.0/ Internet Speed: 100 mbits Browser: I.E. 11 default/Firefox/ ISP Time Warner Cable/Spectrum Antivirus: Microsoft Security Essentials/ Malwarebytes Premium 3.0/ SAS Other Info: LG BluRay Burner/
Sound system-KLipsch-THX/
Icy Dock ssd Hot Swap bays.
Quote