Windows 7: Microsoft Security Advisory 2458511 Released

03 Nov 2010   #1

Windows 7 & Windows Vista Ultimate
 
 
Microsoft Security Advisory 2458511 Released

Microsoft released Security Advisory 2458511, which relates to a vulnerability in Internet Explorer that could allow remote code execution. The vulnerability does not affect IE9 Beta, but the other versions of IE are affected.

As indicated in the MSRC Blog, the impact of this vulnerability is extremely limited. Microsoft is not aware of any affected customers. From the report it was indicated that the exploit code was discovered on a single website which is no longer hosting the malicious code.

It is important to note that all attacks Microsoft has seen are blocked by DEP, which is enabled by default on IE8 and can also be enabled for earlier versions of IE. Additional mitigations are described in "DEP, EMET protect against attacks on the latest Internet Explorer vulnerability" and the Security Advisory.


03 Nov 2010   #2
NoN

Windows 7 Professional SP1 - x64
 
 

Quote:
the impact of this vulnerability is extremely limited
Hmm, not yet on Windows Update... DEP is enabled here but guess:

"At this time, we are aware of targeted attacks attempting to use this vulnerability. We will continue to monitor the threat environment and update this advisory if this situation changes. On completion of this investigation, Microsoft will take the appropriate action to protect our customers, which may include providing a solution through our monthly security update release process, or an out-of-cycle security update, depending on customer needs."

Next week maybe!!
03 Nov 2010   #3

Windows 7 & Windows Vista Ultimate
 
 

Unless it is a fairly "simple" fix, next week may be a bit premature. It takes time to go through all the test scenarios and then do all the translations.


03 Nov 2010   #4

Windows 7 Professional 64 Bit SP1
 
 

I un-ticked IE 8 from the installed feature list. Would my computer still be vulnerable to this?

Quote: Originally Posted by Corrine
Unless it is a fairly "simple" fix, next week may be a bit premature. It takes time to go through all the test scenarios and then do all the translations.
03 Nov 2010   #5

Windows 7 & Windows Vista Ultimate
 
 

Hi, Rei Tumult.

Did you disable DEP on IE8? If not, then you should be fine since all attacks Microsoft has seen are blocked by DEP.

If you are not using IE 6, IE7 or IE8, then your computer is not vulnerable to this particular Advisory.

Note also, from the MSRC Blog post:

Quote:
The exploit code was discovered on a single website which is no longer hosting the malicious code. When a website is discovered to host malicious software, we work through legal channels to take the site down. {Bold added}
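One way to verify the DEP state discussed in the posts above, as an added example that is not part of the thread or of Microsoft's advisory: it reports the system-wide DEP policy from WMI and asks Windows for the DEP state of each running Internet Explorer process. It assumes PowerShell 2.0 or later and that IE runs under the current user; the `AddedExample.DepNative` type name is an arbitrary label chosen for this example.

```powershell
# Added example (not from the thread): report the system-wide DEP policy and
# the DEP state of each running Internet Explorer process.
$sig = @'
[DllImport("kernel32.dll", SetLastError = true)]
public static extern bool GetProcessDEPPolicy(IntPtr hProcess, out uint lpFlags, out bool lpPermanent);
'@
# Namespace and type name are arbitrary labels chosen for this example.
$native = Add-Type -MemberDefinition $sig -Name DepNative -Namespace AddedExample -PassThru

# Values of Win32_OperatingSystem.DataExecutionPrevention_SupportPolicy
$policyNames = @{ 0 = 'AlwaysOff'; 1 = 'AlwaysOn'; 2 = 'OptIn'; 3 = 'OptOut' }

$os = Get-WmiObject -Class Win32_OperatingSystem
$policy = [int]$os.DataExecutionPrevention_SupportPolicy
"Hardware DEP available : $($os.DataExecutionPrevention_Available)"
"System DEP policy      : $($policyNames[$policy]) ($policy)"

$ie = @(Get-Process -Name iexplore -ErrorAction SilentlyContinue)
if ($ie.Count -eq 0) { 'No running iexplore.exe processes to inspect.' }

foreach ($p in $ie) {
    $flags = [uint32]0
    $permanent = $false
    try {
        $ok = $native::GetProcessDEPPolicy($p.Handle, [ref]$flags, [ref]$permanent)
    } catch {
        # Typically an access-denied error when the process belongs to another user.
        "PID $($p.Id): cannot open process ($($_.Exception.Message))"
        continue
    }
    if (-not $ok) {
        # The API supports 32-bit processes only; 64-bit processes always run with DEP.
        "PID $($p.Id): GetProcessDEPPolicy failed (expected for a 64-bit process)"
        continue
    }
    $enabled = ($flags -band 1) -ne 0   # PROCESS_DEP_ENABLE = 0x1
    "PID $($p.Id): DEP enabled=$enabled permanent=$permanent"
}
```

Under the default OptIn policy, a 32-bit IE process that reports `DEP enabled=False` is the case the advisory's mitigation does not cover.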
04 Nov 2010   #6

Windows 7 Pro. 64/SP-1
 
 

How can Microsoft check all the websites in the world?
Answers.com - How many web sites are there in the World Wide Web
04 Nov 2010   #7

Windows 7 & Windows Vista Ultimate
 
 

Microsoft doesn't and cannot do it alone, Layback Bear. The infected website could have been discovered by Microsoft, by one of the 70 MAPP partners, through responsible disclosure. Take a look at the acknowledgments at the bottom of the October Security Bulletin Release. There is a list of about 30 researchers who provided information.

Microsoft policy: Acknowledgment Policy for Microsoft Security Bulletins

Quote:
The responsibility for Microsoft's products rests with Microsoft alone, and we take that responsibility very seriously. However, there has traditionally been an unwritten rule among security professionals that the discoverer of a security vulnerability has an obligation to give the vendor an opportunity to correct the vulnerability before publicly disclosing it. This serves everyone's best interests, by ensuring that customers receive comprehensive, high-quality patches for security vulnerabilities but are not exposed to malicious users while the patch is being developed. Once customers are protected, public discussion of the vulnerability is entirely in order, and helps the industry at large improve its products.
05 Nov 2010   #8

win7
 
 
New zero day flaw for IE all versions

This article warns of a new exploit on IE... although not many details have been given: New zero day flaw hits Microsoft’s Internet Explorer | IT PRO
05 Nov 2010   #9

Windows 7 Pro. 64/SP-1
 
 

Thanks Corrine. I understand now.