Free Republic

It's Friday, the weekend has landed... and Microsoft warns of an Internet Explorer zero day exploited in the wild (Yes, this is IN ADDITION TO all the bad ones in Patch Tuesday)
The Register ^ | Jan 18, 2020 | Shaun Nichols

Posted on 01/18/2020 11:49:22 AM PST by dayglored

Still using Internet Explorer? Don't. There's another zero-day

Microsoft let slip on Friday an advisory detailing an under-attack zero-day vulnerability (CVE-2020-0674) for Internet Explorer. The scripting engine flaw can be exploited to gain remote code execution on a vulnerable machine by way of a specially crafted webpage. The flaw can be mitigated by restricting access to the JavaScript component JScript.dll, and thus far there is no patch available.

"Microsoft is aware of this vulnerability and working on a fix," the software giant noted.

"Our standard policy is to release security updates on Update Tuesday, the second Tuesday of each month. This predictable schedule allows for partner quality assurance and IT planning, which helps maintain the Windows ecosystem as a reliable, secure choice for our customers. Microsoft is aware of limited targeted attacks."

Unless you're an enterprise still requiring IE for various apps, you should really consider moving off Exploder at this point. If you want to stay with Microsoft, there is the new Edge browser, or you can opt for Chrome, Firefox, Opera, Brave, or any number of other browser options.

From the above-linked Microsoft Security Advisory:

... The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Internet Explorer and then convince a user to view the website, for example, by sending an email.



TOPICS: Business/Economy; Computers/Internet; Hobbies
KEYWORDS: ie; internetexplorer; windows; windowspinglist
Geez, and having patched everything the past few days, we thought we'd have the weekend off.

Note: The bold emphasis in the article quoted is mine.

1 posted on 01/18/2020 11:49:22 AM PST by dayglored

To: Abby4116; afraidfortherepublic; aft_lizard; AF_Blue; AppyPappy; arnoldc1; ATOMIC_PUNK; bajabaja; ...
Internet Explorer Zero-Day Exploited Vuln ... PING!

You can find all the Windows Ping list threads with FR search: just search on keyword "windowspinglist".

2 posted on 01/18/2020 11:50:16 AM PST by dayglored ("Listen. Strange women lying in ponds distributing swords is no basis for a system of government.")

To: dayglored
THIS IS NOT FIXED YET -- NO PATCH IS AVAILABLE YET
3 posted on 01/18/2020 11:51:20 AM PST by dayglored ("Listen. Strange women lying in ponds distributing swords is no basis for a system of government.")

To: dayglored

But really, ‘fess up now, you’re not STILL using Internet Explorer, right? RIGHT???


4 posted on 01/18/2020 11:52:15 AM PST by dayglored ("Listen. Strange women lying in ponds distributing swords is no basis for a system of government.")

To: dayglored

Well, it is ONE way to get a menu bar … and yes, there are still big corporate pages that work properly only with IE.


5 posted on 01/18/2020 11:57:10 AM PST by Dr. Sivana (There is no salvation in politics)

To: dayglored

THE PATCH HAS BEEN OUT FOR YEARS...
Don’t surf as admin.


6 posted on 01/18/2020 12:06:11 PM PST by mrsmith (Dumb sluts (M / F) : Lifeblood of the Media, Backbone of the Democrat/RINO Party!)

To: Dr. Sivana
> there are still big corporate pages that work properly only with IE.

I wish such companies would publicize the fact that they're still in that state. It speaks very poorly of their commitment to business security.

I know very well, being in that business, that it takes a lot of time, effort, and money to rewrite a big business application or website for portability once it's been written for IE. Maybe Microsoft could set up a fund that companies could request and tap for help in cutting loose from IE. :-)

Anyway, if I knew which companies were still in that state, I would make a point of avoiding their web sites and web services. It's freakin' 2020. There is simply no excuse for Internet Explorer being used anywhere but in a museum of Early Internet Curiosities.

7 posted on 01/18/2020 12:06:35 PM PST by dayglored ("Listen. Strange women lying in ponds distributing swords is no basis for a system of government.")

To: mrsmith
> THE PATCH HAS BEEN OUT FOR YEARS... Don’t surf as admin.

Well, that advice is of course excellent and has indeed been published for many years.

Care to venture a guess as to what percentage of Windows users surf using their admin-priv user account?

8 posted on 01/18/2020 12:08:24 PM PST by dayglored ("Listen. Strange women lying in ponds distributing swords is no basis for a system of government.")

To: dayglored

More interesting...
why doesn’t Windows make it a default to put IE, or any browser, only in user accounts?

I don’t like Edge because I’m not allowed to modify it like I can IE.
Why won’t they let users at least modify its settings to make it more secure?

I assume profit is involved.


9 posted on 01/18/2020 12:14:16 PM PST by mrsmith (Dumb sluts (M / F) : Lifeblood of the Media, Backbone of the Democrat/RINO Party!)

To: dayglored

I got the fix ...

Remove the nameserver for microsoft.com from the domain registry.


10 posted on 01/18/2020 12:16:16 PM PST by George from New England (escaped CT in 2006, now living north of Tampa)

To: George from New England
> I got the fix ... Remove the nameserver for microsoft.com from the domain registry.

Give 'em time, they'll do it themselves. Microsoft has TWICE inadvertently allowed one of their critical domain names to expire.

https://whoapi.com/blog/5-all-time-domain-expirations-in-internets-history/

11 posted on 01/18/2020 12:19:59 PM PST by dayglored ("Listen. Strange women lying in ponds distributing swords is no basis for a system of government.")

To: dayglored
> There is simply no excuse for Internet Explorer being used anywhere but in a museum of Early Internet Curiosities.

I would like a true alternative on the Windows OS side besides Google Chrome based browsers. Firefox went down the rabbit hole a long time ago, and Safari abandoned the platform altogether. Everyone else (Opera, Brave) has taken Google's offering.
12 posted on 01/18/2020 12:23:08 PM PST by Dr. Sivana (There is no salvation in politics)

To: dayglored

We’re all gonna die!


13 posted on 01/18/2020 12:27:48 PM PST by McGruff

To: dayglored

BFL


14 posted on 01/18/2020 12:35:41 PM PST by Cold Heart (.)

To: McGruff

WE'RE DOOMED!!

15 posted on 01/18/2020 12:39:30 PM PST by dayglored ("Listen. Strange women lying in ponds distributing swords is no basis for a system of government.")

To: mrsmith
> I assume profit is involved.

That's partly it. The other parts are:

Microsoft's products still suffer from the mistakes made in the early years, when "COOL" was everything and "SECURITY" was nothing.
16 posted on 01/18/2020 12:42:54 PM PST by dayglored ("Listen. Strange women lying in ponds distributing swords is no basis for a system of government.")

To: dayglored

So that is why doing searches using google has suddenly gotten crappy.


17 posted on 01/18/2020 12:49:42 PM PST by GreyFriar (Spearhead - 3rd Armored Division 75-78 & 83-87)

To: dayglored

Good point. I’ve always been careful about the internet and often don’t understand the attitude of the careless, or sympathise with them.


18 posted on 01/18/2020 12:55:57 PM PST by mrsmith (Dumb sluts (M / F) : Lifeblood of the Media, Backbone of the Democrat/RINO Party!)

To: dayglored

Surf, using VirtualBox and sign in to a Virtual machine.


19 posted on 01/18/2020 1:04:39 PM PST by dfwgator (Endut! Hoch Hech!)

To: dayglored
We still have IE11 on all three of our computers, but use Firefox just about 100% of the time.

Just out of curiosity, if I removed Explorer today, how likely would it be that tomorrow I would be saying "Dang, this particular function (nothing specific in mind so far) used to be so much easier with Explorer?"

20 posted on 01/18/2020 1:41:35 PM PST by deoetdoctrinae (Gun-free zones are playgrounds for criminals.)

