Skip to comments.Microsoft to release emergency Internet Explorer patch on Monday
Posted on 01/14/2013 6:55:52 AM PST by palmer
IDG News Service - Microsoft will release a patch on Monday for older versions of its Internet Explorer browser, deviating from its normal repair schedule due to the seriousness of the problem.
The vulnerability, which is present in IE 6, 7 and 8, is a memory corruption issue. It can be exploited by an attacker via a drive-by download, a term for loading a website with attack code that delivers malware to a victim's computer if the person merely visits the website.
The patch, which will be released at 10 AM PST, will be distributed through Windows Update. Childs wrote users will not have to uninstall the quick fix before applying the patch, which will be installed automatically for those who have automatic updates enabled.
(Excerpt) Read more at networkworld.com ...
If you have plain old IE (no Java) and visit malicious websites, you will eventually get pwned. If you allow Flash to run and visit malicious websites you will get pwned. Likewise numerous other plug-ins and programs including the browser itself. I mostly recommend not visiting malicious websites. I also recommend click-to-flash on Safari which stops all Flash, Java and HTML5 from running until I click to tell it to run (e.g. a video that I want to watch). It is painless and keeps me safe.
malicious web sites ?
Basically any website that is not mainstream. Mainstream includes all news, newspapers, popular blogs and forums, and basically every link you ever see posted here. Malicious sites are 90% porn and 9% too-good-to-be-true.
I’m sorry but I don’t trust this claim.
How do we know this isn’t a ‘govt induced’ way of getting and installing ‘backdoors’ into older browsers ? We really know NOTHING about the content of any downloads like this.
I still use IE 6, I will take my risks.
That's true. MS purposely obfuscates to prevent reversing what the bug was. Obfuscation can serve other nefarious purposes. Personally I prefer lynx over any other browser, for obvious reasons. When I have to look at pretty pictures I use safari. I am typing this post with lynx.
Not true this time around . I had this virus on a laptop my wife uses for her non malicious shopping, news and travel sites.
I am typing with fingers — am I backwards or what.
Do you mean linux or do you really have a big pet?
lynx is a text-only browser, most often run on linux but there is no relation. It is ported to Windows. A text-only browser shows you the text only and you can scroll down to the buttons and hit enter. It is clumsy at first but easy to get used to. I just typed this fantastic response into the text field, now I will scroll down and hit post.
Even mainstream sites can’t be trusted. If you think only porn sites have viruses, you’re very naive.
Sun released their fix to Java today. See filehippo.com or any of the other many download sites. x86 and x64.
I left room for mainstream in the 1%. Some mainstream sites that are poorly run can allow malicious content or links to malicious sites. I don’t think it is common, but it is possible.
Lynx is a web browser.
I got an upgrade notice for Java yesterday. It updates to version 7 update 11. It is supposed to address the recent security issue.
It is available under the ‘Downloads’ button at
I only uses Internet Exploder to run Windows Update. Could that be listed as a malicious site?
what is this lynx in which you speak of?
I would put MS at the top of the list.
Thanks and bttt
malicious web sites
Microsoft will now allow you to filter out these sites.
Sorry, but I have seen malware from "popular" automotive forums and at least one link from an auction site.
IMHO, a home computer user would have to be out of his mind to use IE at all. At a work site I’d only use it for the occasional business site which simply din’t function with other browsers.
While its true that certain types of sites have a higher incidence of malware it is not that simple.
Sites which focus on content intended for children, celebrities, porn, gambling and a few other areas have a higher risk for malware.
Sites such as Foxnews, Drudgereport, Walmart and many other mainstream sites have been compromised to serve malware. Visiting those sites was enough to allow malware into your unprotected computer regardless of the OS.
This is often done through the advertising content those sites use to generate revenue. The criminal writes the malware and inserts it into an ad. They submit the ad to the advertising company which puts it on the mainstream sites. In other cases the sites themselves are compromised when the owners fail to maintain it properly and they get hacked.
We had one customer who had a linux site compromised when they failed to properly patch the installed software.
The only virus I ever got was from a very mainstream U.K. news site. Just make sure all your filters are up to date.
The govt doesn’t need to install backdoors into IE 6, there are plenty already provided by IE 6.
If you have a computer connected to the internet it can be hacked. If you do crazy things like post to FR or talk about the Constitution then the govt has probably already visited your PC.
You can do windows update without IE through Control Panel/System and Security. Just be sure to pick and choose what you update. For example, one of my “optional” updates is to use Bing as my desktop (I’m running Win8). No thanks.
Also those pop-up websites that lurk under everything that you don’t see until you close your browser. Close that through task manager or from the task bar. I’ve learned the hard way to not touch the frame.
More than likely one is already built in to the OS.
Bump for later.
Not being computer knowledgeable I have little idea of what your speaking. Please explain for those of us who are not up to date.
I got one from one of Drudges connections two days ago. It came on as warning that there was a virus and I needed to click on the warning to clear it. The warning looked like a legit microsoft logo. I physically disconnect my modem and then work with my installed anti-virus software. In the past I’ve gotten caught with one of those just trying to clear the logo.
I see the whole web page, but in place of annoying ads or flash running and doing things I don't want, I see a gray box labeled flash. When I click on the box, it runs the flash so I can see a movie or radar animation or other flash content that I want to see without being bothered by the rest of it.