Free Republic
Browse · Search
News/Activism
Topics · Post Article

Skip to comments.

Microsoft to release emergency Internet Explorer patch on Monday
Network World ^ | January 13, 2013 11:06 PM | Jeremy Kirk, IDG News Service

Posted on 01/14/2013 6:55:52 AM PST by palmer

IDG News Service - Microsoft will release a patch on Monday for older versions of its Internet Explorer browser, deviating from its normal repair schedule due to the seriousness of the problem.

The vulnerability, which is present in IE 6, 7 and 8, is a memory corruption issue. It can be exploited by an attacker via a drive-by download, a term for loading a website with attack code that delivers malware to a victim's computer if the person merely visits the website.

...

The patch, which will be released at 10 AM PST, will be distributed through Windows Update. Childs wrote users will not have to uninstall the quick fix before applying the patch, which will be installed automatically for those who have automatic updates enabled.

...

(Excerpt) Read more at networkworld.com ...


TOPICS: Business/Economy
KEYWORDS: internetexploder
While there were no less than 7 threads on a Java zero day vulnerability there were exactly none explaining the actual problem: visiting malicious websites.

If you have plain old IE (no Java) and visit malicious websites, you will eventually get pwned. If you allow Flash to run and visit malicious websites you will get pwned. Likewise numerous other plug-ins and programs including the browser itself. I mostly recommend not visiting malicious websites. I also recommend click-to-flash on Safari which stops all Flash, Java and HTML5 from running until I click to tell it to run (e.g. a video that I want to watch). It is painless and keeps me safe.

1 posted on 01/14/2013 6:55:58 AM PST by palmer
[ Post Reply | Private Reply | View Replies]

To: palmer

malicious web sites ?


2 posted on 01/14/2013 7:01:48 AM PST by UB355 (Slower traffic keep right)
[ Post Reply | Private Reply | To 1 | View Replies]

To: UB355

Basically any website that is not mainstream. Mainstream includes all news, newspapers, popular blogs and forums, and basically every link you ever see posted here. Malicious sites are 90% porn and 9% too-good-to-be-true.


3 posted on 01/14/2013 7:03:51 AM PST by palmer (Obama = Carter + affirmative action)
[ Post Reply | Private Reply | To 2 | View Replies]

To: palmer

I’m sorry but I don’t trust this claim.

How do we know this isn’t a ‘govt induced’ way of getting and installing ‘backdoors’ into older browsers ? We really know NOTHING about the content of any downloads like this.

I still use IE 6, I will take my risks.


4 posted on 01/14/2013 7:05:56 AM PST by George from New England (escaped CT in 2006, now living north of Tampa)
[ Post Reply | Private Reply | To 1 | View Replies]

To: George from New England
We really know NOTHING about the content of any downloads like this.

That's true. MS purposely obfuscates to prevent reversing what the bug was. Obfuscation can serve other nefarious purposes. Personally I prefer lynx over any other browser, for obvious reasons. When I have to look at pretty pictures I use safari. I am typing this post with lynx.

5 posted on 01/14/2013 7:09:15 AM PST by palmer (Obama = Carter + affirmative action)
[ Post Reply | Private Reply | To 4 | View Replies]

To: palmer

Not true this time around . I had this virus on a laptop my wife uses for her non malicious shopping, news and travel sites.


6 posted on 01/14/2013 7:10:05 AM PST by UB355 (Slower traffic keep right)
[ Post Reply | Private Reply | To 3 | View Replies]

To: palmer

I am typing with fingers — am I backwards or what.

Do you mean linux or do you really have a big pet?


7 posted on 01/14/2013 7:10:58 AM PST by George from New England (escaped CT in 2006, now living north of Tampa)
[ Post Reply | Private Reply | To 5 | View Replies]

To: George from New England

lynx is a text-only browser, most often run on linux but there is no relation. It is ported to Windows. A text-only browser shows you the text only and you can scroll down to the buttons and hit enter. It is clumsy at first but easy to get used to. I just typed this fantastic response into the text field, now I will scroll down and hit post.


8 posted on 01/14/2013 7:15:52 AM PST by palmer (Obama = Carter + affirmative action)
[ Post Reply | Private Reply | To 7 | View Replies]

To: palmer

Even mainstream sites can’t be trusted. If you think only porn sites have viruses, you’re very naive.


9 posted on 01/14/2013 7:16:15 AM PST by Kirkwood (Zombie Hunter)
[ Post Reply | Private Reply | To 3 | View Replies]

Sun released their fix to Java today. See filehippo.com or any of the other many download sites. x86 and x64.


10 posted on 01/14/2013 7:17:05 AM PST by USCG SimTech (Honored to serve since '71)
[ Post Reply | Private Reply | To 7 | View Replies]

To: Kirkwood

I left room for mainstream in the 1%. Some mainstream sites that are poorly run can allow malicious content or links to malicious sites. I don’t think it is common, but it is possible.


11 posted on 01/14/2013 7:20:41 AM PST by palmer (Obama = Carter + affirmative action)
[ Post Reply | Private Reply | To 9 | View Replies]

To: George from New England

Lynx is a web browser.


12 posted on 01/14/2013 7:22:07 AM PST by Izzy Dunne (Hello, I'm a TAGLINE virus. Please help me spread by copying me into YOUR tag line.)
[ Post Reply | Private Reply | To 7 | View Replies]

To: palmer

I got an upgrade notice for Java yesterday. It updates to version 7 update 11. It is supposed to address the recent security issue.

It is available under the ‘Downloads’ button at

http://java.com


13 posted on 01/14/2013 7:23:19 AM PST by TomGuy
[ Post Reply | Private Reply | To 1 | View Replies]

To: palmer

I only uses Internet Exploder to run Windows Update. Could that be listed as a malicious site?


14 posted on 01/14/2013 7:25:00 AM PST by Paleo Conservative (Just because you're paranoid doesn't mean they're not really out to get you.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: palmer

what is this lynx in which you speak of?


15 posted on 01/14/2013 7:25:25 AM PST by Blue Highway
[ Post Reply | Private Reply | To 5 | View Replies]

To: Blue Highway
http://en.wikipedia.org/wiki/Lynx_%28web_browser%29
16 posted on 01/14/2013 7:27:04 AM PST by palmer (Obama = Carter + affirmative action)
[ Post Reply | Private Reply | To 15 | View Replies]

To: Paleo Conservative

I would put MS at the top of the list.


17 posted on 01/14/2013 7:28:27 AM PST by palmer (Obama = Carter + affirmative action)
[ Post Reply | Private Reply | To 14 | View Replies]

To: USCG SimTech

Thanks and bttt


18 posted on 01/14/2013 7:28:34 AM PST by novemberslady
[ Post Reply | Private Reply | To 10 | View Replies]

To: UB355

malicious web sites

http://salon.com/
http://www.newsweek.com/
barackobama.com

Microsoft will now allow you to filter out these sites.


19 posted on 01/14/2013 7:30:20 AM PST by Morris70
[ Post Reply | Private Reply | To 2 | View Replies]

To: palmer
popular blogs and forums,

Sorry, but I have seen malware from "popular" automotive forums and at least one link from an auction site.

20 posted on 01/14/2013 7:38:15 AM PST by NY.SS-Bar9 (Mitt has dogs for pets - Obama had them for lunch)
[ Post Reply | Private Reply | To 3 | View Replies]

To: palmer

IMHO, a home computer user would have to be out of his mind to use IE at all. At a work site I’d only use it for the occasional business site which simply din’t function with other browsers.


21 posted on 01/14/2013 7:49:23 AM PST by varmintman
[ Post Reply | Private Reply | To 1 | View Replies]

To: palmer; UB355

While its true that certain types of sites have a higher incidence of malware it is not that simple.

Sites which focus on content intended for children, celebrities, porn, gambling and a few other areas have a higher risk for malware.

Sites such as Foxnews, Drudgereport, Walmart and many other mainstream sites have been compromised to serve malware. Visiting those sites was enough to allow malware into your unprotected computer regardless of the OS.

This is often done through the advertising content those sites use to generate revenue. The criminal writes the malware and inserts it into an ad. They submit the ad to the advertising company which puts it on the mainstream sites. In other cases the sites themselves are compromised when the owners fail to maintain it properly and they get hacked.

We had one customer who had a linux site compromised when they failed to properly patch the installed software.


22 posted on 01/14/2013 7:57:20 AM PST by driftdiver (I could eat it raw, but why do that when I have a fire.)
[ Post Reply | Private Reply | To 3 | View Replies]

To: UB355

The only virus I ever got was from a very mainstream U.K. news site. Just make sure all your filters are up to date.


23 posted on 01/14/2013 7:59:31 AM PST by Excellence (9/11 was an act of faith.)
[ Post Reply | Private Reply | To 2 | View Replies]

To: George from New England

The govt doesn’t need to install backdoors into IE 6, there are plenty already provided by IE 6.

If you have a computer connected to the internet it can be hacked. If you do crazy things like post to FR or talk about the Constitution then the govt has probably already visited your PC.


24 posted on 01/14/2013 8:00:03 AM PST by driftdiver (I could eat it raw, but why do that when I have a fire.)
[ Post Reply | Private Reply | To 4 | View Replies]

To: Paleo Conservative

You can do windows update without IE through Control Panel/System and Security. Just be sure to pick and choose what you update. For example, one of my “optional” updates is to use Bing as my desktop (I’m running Win8). No thanks.


25 posted on 01/14/2013 8:08:42 AM PST by Excellence (9/11 was an act of faith.)
[ Post Reply | Private Reply | To 14 | View Replies]

To: UB355

Also those pop-up websites that lurk under everything that you don’t see until you close your browser. Close that through task manager or from the task bar. I’ve learned the hard way to not touch the frame.


26 posted on 01/14/2013 8:11:32 AM PST by Excellence (9/11 was an act of faith.)
[ Post Reply | Private Reply | To 2 | View Replies]

To: George from New England
...How do we know this isn’t a ‘govt induced’ way of getting and installing ‘backdoors’ into older browsers ?...

More than likely one is already built in to the OS.

27 posted on 01/14/2013 8:13:00 AM PST by FReepaholic (Stupidity is not a crime, so you're free to go.)
[ Post Reply | Private Reply | To 4 | View Replies]

To: palmer

Bump for later.


28 posted on 01/14/2013 8:16:00 AM PST by Andy'smom
[ Post Reply | Private Reply | To 1 | View Replies]

To: TomGuy

Thanks.


29 posted on 01/14/2013 8:26:33 AM PST by Postman (........................................................I'm thinking! I'm thinking!!)
[ Post Reply | Private Reply | To 13 | View Replies]

To: palmer
I also recommend click-to-flash on Safari which stops all Flash, Java and HTML5 from running until I click to tell it to run (e.g. a video that I want to watch). It is painless and keeps me safe.

Not being computer knowledgeable I have little idea of what your speaking. Please explain for those of us who are not up to date.

30 posted on 01/14/2013 9:08:43 AM PST by fella ("As it was before Noah, so shall it be again,")
[ Post Reply | Private Reply | To 1 | View Replies]

To: driftdiver

I got one from one of Drudges connections two days ago. It came on as warning that there was a virus and I needed to click on the warning to clear it. The warning looked like a legit microsoft logo. I physically disconnect my modem and then work with my installed anti-virus software. In the past I’ve gotten caught with one of those just trying to clear the logo.


31 posted on 01/14/2013 9:11:03 AM PST by Cold Heart
[ Post Reply | Private Reply | To 22 | View Replies]

To: fella
Click-to-Flash runs as an extension in my Safari browser (I use a mac). The extension intercepts incoming web pages and strips out flash and java (and HTML5) and replaces them with labeled icons showing you that there is some flash or whatever in that spot on the web page.

I see the whole web page, but in place of annoying ads or flash running and doing things I don't want, I see a gray box labeled flash. When I click on the box, it runs the flash so I can see a movie or radar animation or other flash content that I want to see without being bothered by the rest of it.

32 posted on 01/14/2013 9:43:32 AM PST by palmer (Obama = Carter + affirmative action)
[ Post Reply | Private Reply | To 30 | View Replies]

Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.

Free Republic
Browse · Search
News/Activism
Topics · Post Article

FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson