
Blog Archives

  • To block the latest zero day, instead of removing Internet Explorer, just short-circuit access to MHT files

    Posted on April 18th, 2019 at 11:26 woody

    It’s pretty easy, if you know the tricks.

    Step-by-step details in Computerworld.

  • That Internet Explorer XXE zero day poking through to Edge

    Posted on April 18th, 2019 at 07:51 woody

    I’ve been slammed for the past few days, and haven’t kept you folks apprised of the latest Internet Explorer 0day.

    It depends on you opening an infected MHT file. MHT is an old file format that’s almost always opened by IE — no matter which browser you’re using, no matter which version of Windows. Catalin Cimpanu has a good overview of this XXE vulnerability on ZDNet.

    It’s a doozy of a security hole, as it affects every recent version of IE, and it infects whether you’re actively browsing with IE or not.

    When you download files from the internet, they’re marked — the “Mark-Of-The-Web” — to tell programs that special care is required when opening the files. Thus, if you download an infected MHT file, IE will know that it needs to open the MHT file with caution (at “low integrity,” in a sandbox). That severely limits this exploit’s reach.

    There’s a lot of controversy about how bad this XXE hole really is. There have been lots of XXE holes discovered in the past. They’re used to pull files off your machine and send them to the bad guys. Microsoft figured this one isn’t all that bad, in part because of the MOTW mechanism. The folks who discovered this particular hole aren’t so sanguine. They responded to Microsoft’s snub last week by releasing details, proof of concept code, and even a video.

    Yesterday, Mitja Kolsek at 0patch revealed something disconcerting. If you use Edge to download an infected MHT file, Internet Explorer will open it like any other file. Says Kolsek:

    Does Edge not put the mark-of-the-web on downloaded files, or does it do it differently and somehow confuses Internet Explorer? That would be a serious flaw.

    He goes on to explain how Edge changes the permissions on downloaded files and, thus, why IE will open the infected MHT file as if it had no Mark-Of-The-Web.

    All fascinating stuff if you’re into this kind of thing. Ionut Ilascu has a synopsis on BleepingComputer.

    The 0patch company has a quick patch that you can apply, free, if you’re concerned about getting burned. I’m not going to link to it — I don’t want to take responsibility for 3rd-party patches to Windows — but you can find it quite easily if you’re really interested. That said, 0patch is highly regarded, and has made many useful hotfixes for Windows.

    What to do? That’s easy. Don’t open MHT files. And don’t use IE.

    Thx to @Alex5723 and others who have been posting about this problem while I’m off doing other things…..

    Let’s see if I get a definitive answer from this:

    UPDATE: @mkolsek, who published the report yesterday, confirms that reassigning the default handler for MHT files breaks the attack. He tested it. I’ll write this up.
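
    A defensive check for the two conditions this post turns on: whether a downloaded MHT file carries the Mark-Of-The-Web, and which program opens MHT files by default. This is an added example, not from the original post; the Downloads path, the `.mhtml` extension and the function names are assumptions, and the ACL column is listed only for comparison because the post gives no detail on the permission change.

```powershell
# Added example (not from the original post). Run in Windows PowerShell 3.0 or later.
# $DownloadDir is an assumption: point it at the folder your browser saves into.
$DownloadDir = Join-Path $env:USERPROFILE 'Downloads'

function Get-DefaultHandler {
    param([Parameter(Mandatory)][string]$Extension)
    # A per-user "Open with" choice takes precedence over the machine-wide association.
    $userChoice = "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\$Extension\UserChoice"
    $progId = (Get-ItemProperty -Path $userChoice -ErrorAction SilentlyContinue).ProgId
    if (-not $progId) {
        $progId = (Get-ItemProperty -Path "Registry::HKEY_CLASSES_ROOT\$Extension" -ErrorAction SilentlyContinue).'(default)'
    }
    $command = $null
    if ($progId) {
        # Modern (store) apps have no classic open command; $command stays empty for them.
        $cmdKey  = "Registry::HKEY_CLASSES_ROOT\$progId\shell\open\command"
        $command = (Get-ItemProperty -Path $cmdKey -ErrorAction SilentlyContinue).'(default)'
    }
    [pscustomobject]@{
        Extension = $Extension
        ProgId    = $progId
        Command   = $command
        OpensInIE = [bool]($command -match 'iexplore\.exe')
    }
}

function Get-MarkOfTheWeb {
    param([Parameter(Mandatory)][string]$Path)
    # The mark is stored in an NTFS alternate data stream named Zone.Identifier.
    $stream = Get-Content -LiteralPath $Path -Stream Zone.Identifier -ErrorAction SilentlyContinue
    $zone = $null
    $hit  = $stream | Select-String -Pattern '^ZoneId=(\d+)' | Select-Object -First 1
    if ($hit) { $zone = [int]$hit.Matches[0].Groups[1].Value }
    $acl = (Get-Acl -LiteralPath $Path).Access | ForEach-Object { $_.IdentityReference.Value }
    [pscustomobject]@{
        File     = $Path
        HasMotw  = [bool]$stream
        ZoneId   = $zone   # 3 = Internet zone, 4 = Restricted sites
        AclUsers = ($acl | Sort-Object -Unique) -join '; '
    }
}

# 1. Which program opens MHT files? OpensInIE = True means IE is still the handler.
'.mht', '.mhtml' | ForEach-Object { Get-DefaultHandler -Extension $_ } | Format-List

# 2. Which downloaded MHT files are missing the mark, and who holds rights on them?
Get-ChildItem -Path $DownloadDir -Recurse -File -ErrorAction SilentlyContinue |
    Where-Object { $_.Extension -in '.mht', '.mhtml' } |
    ForEach-Object { Get-MarkOfTheWeb -Path $_.FullName } | Format-List
```

    Once the default handler has been reassigned, `OpensInIE` should read `False` for both extensions.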

  • Woody’s Windows Watch: Dispatches from the browser-war’s front lines

    Posted on February 18th, 2019 at 05:38 woody

    Internet Explorer isn’t a web browser. According to Microsoft, it’s been demoted to a “compatibility solution.”

    Edge has some big fans, very few users — and it’s about to get a heart transplant.

    Chrome’s the crowd pleaser, but one hare-brained idea (recently rescinded) has to give you pause.

    Firefox keeps on foxing, but in terms of usage numbers, it can’t get a break.

    What should you do?

    Out this morning in AskWoody Plus Newsletter 16.6.0. Now available – yes, for free — on AskWoody.

  • Reported crash with the new out-of-band IE fix on Win7, KB 4483187

    Posted on December 20th, 2018 at 09:35 woody

    Remember yesterday, when I warned you that these extreme out-of-band patches have a nasty habit of causing havoc?

    Reports of problems with the patches are starting to come in.

    @David Beroff reports:

    Why did my Windows 7 Home Premium (ver 6.1, build 7601, SP1) system start crashing as soon as KB4483187 was installed? I had about 5 crashes in as many hours, while I was trying to work with overseas clients, before I was able to go in and uninstall it. I don’t ever use MSIE, and would uninstall it if I could. No other software was installed recently, and my system is usually as stable as a rock. (The last time I had crashing issues, I narrowed it down to Google’s Backup and Sync, which is now only run manually at night, rather than on startup, but today it was not running at all during any of these events.) Thank you.

    @PKCano has a good first guess:

    My guess is that there is some conflict between the javascript files that were changed in the KB4483187 update and some program you are using on your computer.

    What browser are you using?
    What program(s) are you using when the crash occurs?
    What AV program do you run?

    I know that all of the experts are scurrying around like Chicken Little, telling you that you need to install this patch, like, right now.

    I don’t buy it. There have been no details released that I can find. Clement Lecigne of Google’s Threat Analysis Group, who reported the problem, hasn’t said anything publicly. Google’s TAG is quiet on the topic. No reports of infections.

    When the patching world goes silent like that, it usually means that we’re looking at a very limited vulnerability. It may turn into a monster at some point – but we aren’t yet at that point. The likelihood of having your machine clobbered, in my opinion, is much higher than the likelihood of you hitting this particular security hole.

    Hang on. Although you’ll have to patch sooner or later, you don’t need to do it right now. My best advice is to stop using IE. Yes, I know that security holes in IE can be exploited other ways because IE is still woven into Windows. But the worst offender — Outlook rendering of formatted emails with the IE engine — was plugged many years ago. I haven’t heard of any direct infections through IE. And it’s a big step from an IE exploit to an infection via other means.

    We’re still at MS-DEFCON 2 for a reason.

  • Netmarketshare says Chrome’s getting even more market share, while IE and Edge continue to circle the drain

    Posted on November 1st, 2018 at 10:29 woody

    Although Edge itself has gone up by a minuscule amount, IE 11 went down by more than Edge.

    All hail Chrome.

    See Gregg Keizer’s analysis in Computerworld.

    According to California-based analytics company Net Applications, IE’s and Edge’s share dropped by a quarter of a percentage point in October, ending at 13.8%, a record for the century and a number not seen by Microsoft since IE first took on Netscape Navigator in the 1990s.

  • NetMarketshare: Internet Explorer usage up a touch, Edge down

    Posted on July 1st, 2018 at 14:57 woody

  • Keizer: Microsoft’s browsers are dying

    Posted on March 2nd, 2018 at 11:24 woody

    Er, dieing. Sorry.

    Gregg Keizer has a good look at the rapid decline of the IE (+ Edge) hegemony.

    Even though IE showed an uptick in usage last month, per Net Applications, the prognosis for Microsoft browsers is dismal:

    By the time Microsoft retires Windows 7, and for effective purposes, IE as well, Windows 10 should have reached a user share (of all Windows) of around 63.6%, assuming its climb continues on the past year’s trend line. If Edge hasn’t, well, edged up as a share of all Windows 10 by that time – and all evidence is that it will not – then Microsoft’s active browser share will be in the single digits, perhaps as low as 6%.

    Hard to imagine IE + Edge at 6%, but then again Windows Phone took a hard, fast fall, too.

  • IE and Edge nudge back up in market share

    Posted on January 2nd, 2018 at 15:23 woody

    From Gregg Keizer at Computerworld:

    According to Net Applications… the user share of Internet Explorer (IE) and Edge… bumped up seven-tenths of a percentage point to end 2017 at 17% — although the uptick recovered only a fifth of the massive loss from the month prior

    Only 14% of browser usage in Windows 10 is from Edge.