Internet Explorer 0dayPosted on September 18th, 2012 at 23:05 6 comments
Microsoft has warned about a newly discovered, not-yet-fixed hole in Internet Explorer, all versions (except IE 10).
There’s a thorough discussion on Brian Krebs’s site.
Smartest approach? Don’t use IE. Switch to Firefox or Chrome. Nod if you’ve heard that one before.
6 responses to “Internet Explorer 0day”
rc primak September 20th, 2012 at 02:18
The article says Windows 8 with IE 10 is not vulnerable to this exploit path. That’s the only IE combo I’ve been using since the Win 8 Developer Preview. Except on my Windows XP machine, where Firefox with IE(8) Tab is used just for MS Updates. Minimal exposure there, as Firefox is used for almost every place else, with NoScript, Ghostery and DoNotTrack Plus.
My Windows 7 browser is almost exclusively Chrome (Release Channel) with DNT+.
Still, a Fixit would be nice — if it actually provides full protections.
Woody: Are you at risk just having IE on your Windows 7 x64 machine? Even if you don’t use it? Would you be better off turning off IE all together in Windows Features? (I’ve turned off a number of other things I don’t use.) Or would that have a bad effect on something else? Thanks!
As I understand it, this particular security hole only takes effect if you surf to a bad site with IE; if you use Firefox or Chrome you’re OK.
There’s a new patch supposed to be out any minute now,
Im running windows XP SP3 and have caught up on all my patches as you said. Today 9/21/12 Microsoft is offering a patch for IE 8. Is it safe to install? I’ve never seen a patch brought out on a friday before.
rc primak September 22nd, 2012 at 06:58
What we needed is here.
An out of band patch for IE 6 through IE 9 fixes that security hole (we think).
But if you run Windows 8, you need to get the Flash Player Update for IE 10 and then reboot for the new Active X controls to take effect. This is separate from the IE security hole.
@Gary: the MS12-063 security updates for Internet Explorer are “out of band” security patches, meaning they’ve been released outside of the normal “2nd Tuesday of the month” schedule of security patches. Microsoft has done this on a few occasions before with valid reasons.
nevertheless, I’ve installed the recent IE patches on my XP, Vista & Seven computers last week.
I’m still waiting for IE10 to be released for Windows 7, which still hasn’t happened…yet.
Leave a reply