Posted on 01/18/2020 11:49:22 AM PST by dayglored
Still using Internet Explorer? Don't. There's another zero-day
Microsoft let slip on Friday an advisory detailing an under-attack zero-day vulnerability (CVE-2020-0674) for Internet Explorer. The scripting engine flaw can be exploited to gain remote code execution on a vulnerable machine by way of a specially crafted webpage. The flaw can be mitigated by restricting access to the JavaScript component JScript.dll, and thus far there is no patch available.
"Microsoft is aware of this vulnerability and working on a fix," the software giant noted.Unless you're an enterprise still requiring IE for various apps, you should really consider moving off Exploder at this point. If you want to stay with Microsoft, there is the new Edge browser, or you can opt for Chrome, Firefox, Opera, Brave, or any number of other browser options."Our standard policy is to release security updates on Update Tuesday, the second Tuesday of each month. This predictable schedule allows for partner quality assurance and IT planning, which helps maintain the Windows ecosystem as a reliable, secure choice for our customers. Microsoft is aware of limited targeted attacks."
From the above-linked Microsoft Security Advisory:
... The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Internet Explorer and then convince a user to view the website, for example, by sending an email.
Note: The bold emphasis in the article quoted is mine.
But really, ‘fess up now, you’re not STILL using Internet Exxplorer, right? RIGHT???
Well, it is ONE way to get a menu bar and yes, there are still big corporate pages that work properly only with IE.
THE PATCH HAS BEEN OUT FOR YEARS...
Don’t surf as admin.
I wish such companies would publicize the fact that they're still in that state. It speaks very poorly of their commitment to business security.
I know very well, being in that business, that it takes a lot of time, effort, and money to rewrite a big business application or website for portability once it's been written for IE. Maybe Microsoft could set up a fund that companies could request and tap for help in cutting loose from IE. :-)
Anyway, if I knew which companies were still in that state, I would make a point of avoiding their web sites and web services. It's freakin' 2020. There is simply no excuse for Internet Explorer being used anywhere but in a museum of Early Internet Curiosities.
Well, that advice is of course excellent and has indeed been published for many years.
Care to venture a guess as to what percentage of Windows users surf using their admin-priv user account?
More interesting...
why doesn’t Windows make it a default to put IE, or any browser, only in a user accounts?
I don’t like Edge because I’m not allowed to modify it like I can IE.
Why won’t they let user at least modify it’s settings to make it more secure?
I assume profit is involved.
I got the fix ...
Remove the nameserver for microsoft.com from the domain registry.
Give 'em time, they'll do it themselves. Microsoft has TWICE inadvertently allowed one of their critical domain names to expire.
https://whoapi.com/blog/5-all-time-domain-expirations-in-internets-history/
We’re all gonna die!
BFL
WE'RE DOOMED!!
That's partly it. The other parts are:
So that is why doing searches using google has suddenly gotten crappy.
Good point. I’ve always been careful about the internet and often don’t understand the attitude of the careless, or sympathise with them.
Surf, using VirtualBox and sign in to a Virtual machine.
Just out of curiosity, if I removed Explorer today, how likely would it be that tomorrow I would be saying "Dang, this particular function (nothing specific in mind so far) used to be so much easier with Explorer?"
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.