Skip to comments.Hackers targeting newly discovered flaw in Microsoft Internet Explorer
Posted on 04/28/2014 7:13:12 AM PDT by JoeProBono
Hackers are already at work exploiting a newly discovered flaw in Microsofts Internet Explorer that has left more than half of the worlds Web browsers vulnerable to attack, including those on many federal government computers. Microsoft said it was aware of limited target attacks in a security advisory posted on Saturday. The flaw affects Internet Explorer versions 6 through 11. However, hackers are mostly targeting versions 9 through 11, according to the security firm FireEye, which discovered the flaw.........
(Excerpt) Read more at washingtonpost.com ...
Apple’s decision to not support Adobe Flash in iOS looks better all of the time.
It’s not that simple.
Even if you are using some other browser, you are still using IE.
Hunh? I don’t use IE, so how can I be using IE?
On my MAC? Drop that many years ago.
I know, you both think I’m crazy.
When you use Firefox, or Chrome, etc. you are simply using a ‘mask’ that is put over the face of Internet Explorer.
If you doubt me, try to remove IE from your computer.
If you are successful, you will no longer be posting anything anywhere.
Firefox runs on Linux; I’m using it now.
It doesn’t use IE because IE does not exist on my Linux machine.
The Windows port of firefox would not be completely rewritten to somehow sit on top of IE.
Anyone can download the source code (program in its orginal human-readable form as written by the developers) to the windows version of firefox just to verify this.
And no fix...yet.
FireEye also said running IE in enhanced protection mode, which is only available for IE versions 10 and 11, will protect users from attacks.
I never installed IE. I don’t have anything resembling IE on my computer.
"FireEye suggests disabling the Adobe Flash plugin because the attacks wont work without it. FireEye also said running IE in enhanced protection mode, which is only available for IE versions 10 and 11, will protect users from attacks...."
Oh, I don’t think you’re crazy, FRiend. I just wasn’t sure what you meant. Now I do.
Since that’s the case, I don’t know what to do. Suggestions?
The internet is running very slow in IL today. I use FireFox. Some sites load just fine while others don’t load at all. My internet is connected properly and I don’t have malware or viruses. I have heard others say they have experienced problems as well.
When you enable protected mode, does it alter the way you view/do things on IE?
That link is to an article that is almost ten years old when IE was an integral part of the MS operating system. MS was told by the courts to separate out IE from its operating systems so I’m not sure the article still applies.
Not that I’ve noticed but I very rarely use IE.
The flaw affects Internet Explorer versions 6 through 11.
I’m not talking about the flaw; the article is about removing IE so the flaw won’t affect it. Unfortunately, at least one part of the article still applies:
MS uses IE to update operating systems.
I don’t use it either except when something cannot be seen in FireFox from a company I used to work for.
Well, I would suggest-
Don’t Use IE as your browser.
Use something like Firefox and at least it will provide some protection, even though it uses IE as it’s base. Various addons for Firefox like NOSCRIPT help provide another layer of protection.
There is only so much you can do. Even if we had a cure (a fix), there is always a new disease.
Yes, FF operates differently when you use a different operating system.
Just like the earlier poster who said he had a MAC (where we assume he meant an APPLE computer), your environments are different, ergo you get different results.
Let me ask you this, when you downloaded Firefox, did you download the version for Windows or the one for Linux ?
Yes, there are browsers that use the IE rendering engine rather than roll their own. Firefox actually has a plugin you can to allow this as well (though I don't really know why you would.) Other browsers, like Opera and Firefox are completely separate programs that do not use the IE engine at all by default.
Personally, I think we'd all be better off if everyone just completely abandoned all microsoft products entirely, but what you said is untrue. Yes, it's difficult, if not impossible to actually remove IE from a windows system. That is by design, as microsoft makes extensive use of proprietary crap to destroy its competition by leveraging vendor lock-in as much as they can get away with. However, what you stated is simply not true.
Enhanced Protected Mode is a security feature that was introduced in Windows 8. By default, this feature is turned off in Internet Explorer on the Windows 8.1 desktop.
When this feature is enabled, add-ons such as toolbars, browser helper objects (BHOs), and extensions are loaded only if they are compatible with Enhanced Protected Mode. If you have to load an incompatible add-on, you can disable Enhanced Protected Mode for the desktop browser. This action lets incompatible add-ons load, but it may increase the risk of having malware or other potentially harmful software installed on your computer.So I would say depending on the add-on or extension you are using, it might. :-(
Of course the windows version.
It’s simply a port to that platform. Do you understand what progammers mean when they say “port” to a platform ?
You can download the source code for the Windows version and the source code for the Linux version and compare them.
I downloaded the Linux source; it’s tons of C++; I highly doubt, from just a quick glance, that it makes use of much besides display primitives, network and file i/o, user interaction, other OS primitives like threads, etc.
The latest “esr” (extended support) release is here:
You will notice a directory for each platform:
and you’ll notice a directory
under which there is a unified source archive; there’s just one set of programs. This leads me to guess that they’ve used the standard approach of not relying too heavily on platform specifics of any one platform that are high-level and would entail a lot of work to recreate on the other platforms.
IMHO, again, I haven’t looked at it, but if you’d like to prove that they “use” Internet Explorer, you certainly could look in the source code and find where they do.
Hmm, I didn’t know that.
IMHO, sw today is junky by design; too complex, too wide open in terms of security. Insecure by design. Even networking - what a bad joke of security.
The 400 showed that things can be secure and solid.
But now we see that security seems to be the last thing those “in charge” want.
When they started putting web stuff in the newly renamed “iSeries”, oh boy, what a joke.
Like building a model t on top of a maybach.
Security could be designed into the internet to be its default state, but our political masters enjoy being able to read your email too much. Why it that no major email client uses PGP by default to encrypt your email? Drives be crazy, as a long term paranoid old-timer who used to use PGP a lot from a DOS command line.
Yes, you'd be able to see the calls.
IE and Firefox use completely different rendering engines, among other things. You can easily demonstrate that by going to the Acid Test website in IE and Firefox, Opera and Chrome. You'll notice you get completely different results each time.
Thanks for the response. I respect your apparent knowledge of this issue, but still disagree with you. I understand your arguments, but am still unconvinced. If I am wrong, good. Then I’ll learn something new. I want to find out if my assertion is true or not. It may be that we are saying the same thing, but don’t realize it yet.
What browser did you use to download Firefox ?
I.E. What browser does Linux come equipped with ?
If you are using an APPLE computer, one would logically conclude that this 'problem' doesn't pertain to you.
PieterCasparzen, read the info at the link in post #10, and see if it isn’t saying exactly what I said.
P.S. Get on a Windows based PC, start up FIREFOX, then to to the TASK MANAGER. Tell me then that Internet Explorer (iexplore.exe) is not running.
Linux surely has it’s own version of iexplore.exe that is running as well. I just don’t know the name of it.
OK, what kind of 'computer' do you have and what operating system ?
So... it might depend on which 'version' of WINDOWS you are using, correct ?
What version are you using ?
I run Linux on it. Windows has been completely removed from the system. I booted it up once to Windows to be sure the hardware was working, then re-partitioned the entire disk(s).
I've run Fedora on it ever since.
Did as you said.
iexplore.exe is NOT RUNNING.
I’m running CentOS, (Community Enterprise OS).
It is a community version of Red Hat Linux. The Red Hat distribution is aimed at a corporate customer user base. Red Hat customers pay Red Hat for support of Linux.
The CentOS team is an organization unto itself, though it has ties with Red Hat (recent changes brought them closer). They call Red Hat the “upstream vendor”. CentOS basically takes Red Hat’s distribution, source code and all, and removes the Ret Hat branding and substitute CentOS branding, and builds their distribution from that. The CentOS distribution is available free of charge - but the caveat is there’s no support available to purchase. The CentOS customer must get by on their own.
Red Hat/CentOS comes with Mozilla Firefox as its default browser.
You could try killing that iexplore.exe process and see if firefox still works.
You may have Firefox set up to use the IE rendering engine.
Executable (.exe) files are linked with libraries, which are collections of executable routines/procedures/functions.
If they are linked statically, at link time (when the programmer is generating the .exe), the libraries are searched for called routines, which then are copied out of the library by the linker and inserted into the .exe as it is being created. One winds up with a self-standing .exe that can run on it’s own.
If they are linked dynamically, on windoes the libraries have that .DLL file extension, i.e., the dynamic link library. The routines are not copied into the .exe as it is built by the linker, just references are inserted. The resulting .EXE, when a user installs it, must at run time be able to find a DLL on the user’s machine in order to resolve the references and call the routines in the DLL.
It would be possible for firefox.exe to cause iexplore.exe to start when it starts (through a system call to “exec” another program), that would not be the normal way to invoke shared functionality.
The normal way to share functionality would be to put the shared routines into DLLs, thus, there would be no need to start up iexplore.exe in that case.
Oh, a more specific answer to your question:
I’ve used Firefox on Windows PCs and never seen it cause iexplore.exe to start up.
That being said, it’s been a few years since I’ve done so, and I’ve never gotten into Firefox addons/plugins much, other than basics like flash player. Addons can do all sorts of things.
You may have something “going on there”, may have something to do with what’s installed on your pc, how it’s configured. Of course, can’t rule out malware either, without knowing.
I meant explorer.exe
BTW, MS has decided to release a FIX for this bug for WINDOWS XP users.
You’ve got windows explorer open.
That’s the thingie that one uses to browse the files on one’s PC.
explorer.exe is not Internet Explorer...it’s the service that drives the Windows user interface of your computer (the start menu and such). You disable that and you don’t have many options for doing much of anything whether it’s using a web browser or any other application.
Apparently explorer.exe is associated with various vulnerabilities.
its the service that drives the Windows user interface of your computer (the start menu and such). You disable that and you dont have many options for doing much of anything whether its using a web browser or any other application.
Thanks to both of you for your responses.
I agree with your information, but...
It is , then, Windows Explorer that has the 'bug', and it is common to all Windows XP users. MS is even releasing a 'fix' to Windows XP for the problem.
My description of Firefox sitting on top of or being a mask for IE may be a clumsy way to describe it, but it would still seem that Windows itself is the problem.
I don't understand how the base engines of IE and FIREFOX can be any different, as they both must use the same commands to access the internet.
It's not the bleeding edge, by any means, but it's stable and reliable. The less blood, the better.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.