Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

New IE Zero-Day Being Exploited In the Wild

Unknown Lamer posted about 2 years ago | from the die-ie-die dept.

Internet Explorer 134

wiredmikey writes "A new zero-day vulnerability affecting Internet Explorer is being exploited in the wild affecting IE 9 and earlier. The vulnerability, if exploited, would allow full remote code execution and enable an attacker to take over an affected system. Security researcher Eric Romang discovered the vulnerability and exploit over the weekend while monitoring some infected servers said to be used by the alleged Nitro gang. To run the attack, a file named 'exploit.html' is the entry point of the attack ... According to analysis by VUPEN, the exploit takes advantage of a 'use-after-free vulnerability' that affects the mshtml.dll component of Internet Explorer. Rapid7 on Monday released an exploit module for Metaspolit which will let security teams and attackers alike test systems."

cancel ×

134 comments

Sorry! There are no comments related to the filter you selected.

I/E 9 at risk (4, Funny)

minstrelmike (1602771) | about 2 years ago | (#41368443)

I'm shocked. Shocked I tell you.

Re:I/E 9 at risk (1)

Anonymous Coward | about 2 years ago | (#41368515)

I'm shocked. Shocked I tell you.

Clearly we should stop supporting all browsers before IE12 and Firefox 39725.1

Re:I/E 9 at risk (4, Funny)

localman57 (1340533) | about 2 years ago | (#41368597)

Also, I think they should modify all future browsers to use extra caution when opening a file called "exploit.html" . In retrospect, it seems so obvious...

Re:I/E 9 at risk (1)

multiben (1916126) | about 2 years ago | (#41368669)

Lol :D Yes, they may as well have called it "fuck-u-up.html"

Re:I/E 9 at risk (2)

amicusNYCL (1538833) | about 2 years ago | (#41369423)

We should take a page from the book of the mod_security team and add "exploit.html" to our list of URL filters. Make sure your AV software is also set to block "virus.exe" from running.

The mod_security reference is about the fact that they block files called "shell.php" from running, as if blocking specific filenames equals security. We had a hard time figuring out why the servers were refusing to acknowledge the existence of the PHP scripts that were launching our courseware shells.

Re:I/E 9 at risk (2)

c0lo (1497653) | about 2 years ago | (#41370731)

Also, I think they should modify all future browsers to use extra caution when opening a file called "exploit.html" . In retrospect, it seems so obvious...

No need... a properly configured firewall will do it [ietf.org] before the browser gets the page

Re:I/E 9 at risk (0)

Delarth799 (1839672) | about 2 years ago | (#41368675)

Firefox 39725.1 was released two weeks ago man! Get with the times, currently we are using Firefox 82349.9 with Firefox 10^2 coming out in another month.

Re:I/E 9 at risk (2)

JustOK (667959) | about 2 years ago | (#41368743)

FF 10^100 = google chrome

Re:I/E 9 at risk (1)

parkinglot777 (2563877) | about 2 years ago | (#41372947)

FF 10^100 = google chrome

FF 10^100 == google chrome

Fixed...

Re:I/E 9 at risk (1)

RaceProUK (1137575) | about 2 years ago | (#41372945)

Firefox 10^2

I think you meant Firefox 10^20

Re:I/E 9 at risk (1)

mcgrew (92797) | about 2 years ago | (#41373371)

Clearly we should stop supporting all browsers before IE12 and Firefox 39725.1

Unless I'm mistaken, IE is the only browser to ever be vulnerable to a drive-by (please correct me if I'm wrong). I thought with W7 MS had pretty much gotten its act together in regards to security and software bugs, but I guess I was wrong about that.

Just say no to Microsoft. It isn't safe.

Re:I/E 9 at risk (0)

Anonymous Coward | about 2 years ago | (#41368547)

A more beautiful web... one exploit after another.

Re:I/E 9 at risk (1)

DarkOx (621550) | about 2 years ago | (#41368623)

I know you were going for funny but, well "I am shocked."

Microsoft has taken IE security pretty seriously and has established a pretty darn good track record with IE7->9 so far, at least on ASLR enabled platforms. I am surprised to see a reliable exploit that can be implemented as a drive-by on otherwise current platforms. This going to be a big deal and likely force an off cycle patch.

Re:I/E 9 at risk (0)

Anonymous Coward | about 2 years ago | (#41369595)

No, they haven't. And no, they don't.

Unless you're comparing them to their prior efforts instead of to their competitors.

Re:I/E 9 at risk (1)

Anonymous Coward | about 2 years ago | (#41370325)

IE 9 has aslr, sandboxing, drp, plis a phishing list protection. You can hate on their html 5 support but only Chrome comes close.

IE 9 has holes and so does Chrome and Ff. Especially with flash!

Obviously (1)

cultiv8 (1660093) | about 2 years ago | (#41368629)

One of these devs [hewgill.com] was on the job.

Re:I/E 9 at risk (5, Insightful)

girlintraining (1395911) | about 2 years ago | (#41368751)

I'm shocked. Shocked I tell you.

Almost every major browser in use has had a vulnerability. Those that haven't are vulnerable because of commonly-used plugins. It's not just IE9, it's browsers in general... it's the repeated and systemic perversion and added complexity of trying to turn the web into the end-all and be-all of the internet. When it was created, the uses for it were not as complicated as they are now.

It's the complexity of the web that is its vulnerability -- I honestly don't think there's a way to write a truly-secure web browser because everything from the protocols up have been shoehorned into things they were never designed to do. The entire thing needs to be jettisoned -- html, css, xml, http, ssl, everything. We need to start over from scratch, and build a new set of protocols and specifications, not just continually band-aid over existing ones. And this time, security needs to be a design consideration from the start, not evolved in.

Anyone with an understanding of information systems' security will tell you -- security needs to be built in from the start or it doesn't matter how much effort you put in later, you're going to be chasing down problems forever. Start with a secure and vetted design and it's a lot more likely to perform. Of course, real security would mean that governments, corporations, and other interested parties wouldn't be able to snoop on what you're doing -- anything sent in the clear can be screwed with. Oh... and it wouldn't be as convenient as it is today; You'd have to think about what you were doing, instead of blithering about and when you get "hacked" blaming everyone but yourself.

Real security would mean no more excuses... from anyone. That's why you won't exactly be seeing a parade down main street anytime soon congratulating people on making computers more secure; Responsibility? Not on MY internet!

Re:I/E 9 at risk (1)

Anonymous Coward | about 2 years ago | (#41368899)

The entire thing needs to be jettisoned? Start over from scratch? The odds of that happening to the web are about the same as the odds of that happening with the government. It sounds good, but it's far from practical.

Well, you can mitigate the damage (2)

davidwr (791652) | about 2 years ago | (#41369053)

Running web browsers in a well-written sandbox with only very careful access to "the outside machine" will help keep browser bugs from turning into system-wide vulnerabilities.

Sure, someone may take over your browser and turn it into DNS-generation-engine, but once you quit your browser, anything left over will require a social-engineering attack ("download catpics.exe and after you quit your browser, run it!") to continue living.

While no sandbox is perfect [informationweek.com] , there is (hopefully) a smaller and better-engineered code base to maintain.

You Miss The Issue (0)

Anonymous Coward | about 2 years ago | (#41372145)

By using C or C++, lots of security risks come from rather mundane tasks such as parsing HTML or XML. A C buffer overflow allows for code injection and it can happen in a CSV parser as much as in a JS engine. Yes, more code normally means more problems. But it has little to do with scripting. You can turn off scripting and plugins in many browsers already. But it won't protect you from what is still enabled - HTML parsing, layouting, image libraries, CSS and so on. There have been exploitable bugs in JPEG and GIF libraries. Stop using C and C++ would be the right thing to do. Search for "Memory Safe Language", if you want to research the subject. Too many C and C++ developers think that they are better than average and will never write exploitable bugs. Of course that is a fallacy.

Re:I/E 9 at risk (2)

hairyfeet (841228) | about 2 years ago | (#41371863)

Yeah, I put this right beside those users that posted to tell me "Oh IE isn't fragmented, you just have to buy the latest OS to use it!" wow, really? No shit.

The sad part is I at this point really don't have much in the way of sympathy anymore for anyone using IE and getting boned. this is like a dog walking out in front of a car and getting hit again and again, sooner or later you just figure its Darwin's way of thinning the herd of the dumbasses in the breed.

The only nice thing I can say about IE is thanks to Steve "herpa derp" Ballmer cutting loose the IE team after IE 6 and just letting the damned thing rot we have more choices than ever so there really is no excuse. You've got Chrome and Chromium and Comodo Dragon in that line, Firefox and Kmeleon and Seamonkey and IceDragon in the Gecko line, then you have Safari and QTWeb and Opera.

Frankly we've got choice coming out of our asses folks, everyone can have the web THEIR way, so even though I like Dragon you might like Seamonkey or Opera and that's fine, you get the web YOUR way and I'll get my web my way.

But unless you are forced by a very stupid (or hamstringed by bad intranet apps) IT dept there really is no point running IE and as TFA demonstrates plenty of reasons not to. Its the #1 target by far because the malware writers know the truly clueless users, those that think that 30 day trial of Norton that expired 3 years ago equals having an antivirus and who will click on any damned thing, use IE because they don't know any better. For them IE users are easy pickings and again, Darwinism, they should have learned the first time they got burned.

This is why I no longer support IE in ANY way. Some customer tells me they have IE problems? i give them their choice of Dragon or IceDragon (Firefox spinoff) and THEN if they have a problem with it I'll help, but every. single. time. I've had a user tell me they have "A problem with Internet explorer" I open the thing up and its got more toolbars and other malware bullshit than you can even count, anybody stupid enough to use IE while the spyware and toolbars and other shit just keeps piling up deserves what they get.

Re:I/E 9 at risk (0)

Anonymous Coward | about 2 years ago | (#41373247)

Yeah, I put this right beside those users that posted to tell me "Oh IE isn't fragmented, you just have to buy the latest OS to use it!" wow, really? No shit.

The sad part is I at this point really don't have much in the way of sympathy anymore for anyone using IE and getting boned. this is like a dog walking out in front of a car and getting hit again and again, sooner or later you just figure its Darwin's way of thinning the herd of the dumbasses in the breed.

The only nice thing I can say about IE is thanks to Steve "herpa derp" Ballmer cutting loose the IE team after IE 6 and just letting the damned thing rot we have more choices than ever so there really is no excuse. You've got Chrome and Chromium and Comodo Dragon in that line, Firefox and Kmeleon and Seamonkey and IceDragon in the Gecko line, then you have Safari and QTWeb and Opera.

Frankly we've got choice coming out of our asses folks, everyone can have the web THEIR way, so even though I like Dragon you might like Seamonkey or Opera and that's fine, you get the web YOUR way and I'll get my web my way.

But unless you are forced by a very stupid (or hamstringed by bad intranet apps) IT dept there really is no point running IE and as TFA demonstrates plenty of reasons not to. Its the #1 target by far because the malware writers know the truly clueless users, those that think that 30 day trial of Norton that expired 3 years ago equals having an antivirus and who will click on any damned thing, use IE because they don't know any better. For them IE users are easy pickings and again, Darwinism, they should have learned the first time they got burned.

This is why I no longer support IE in ANY way. Some customer tells me they have IE problems? i give them their choice of Dragon or IceDragon (Firefox spinoff) and THEN if they have a problem with it I'll help, but every. single. time. I've had a user tell me they have "A problem with Internet explorer" I open the thing up and its got more toolbars and other malware bullshit than you can even count, anybody stupid enough to use IE while the spyware and toolbars and other shit just keeps piling up deserves what they get.

If I had any mod point, they would be coming your way.

It's not aZero Day (0)

Anonymous Coward | about 2 years ago | (#41368471)

Once it's in Metasploit its not a zero-day anymore. Microsoft has already had a few hours to deal with this threat, and system administrators are starting to find out about it, so if you want to exploit it, you're going to run into people who have blocked your exploit because they know about it. That means its not a zero-day anymore.

If an exploit is reported on Slashdot, it is by definition no longer a zero-day exploit.

Re:It's not aZero Day (2)

M0j0_j0j0 (1250800) | about 2 years ago | (#41368839)

and probably Vupen already sold it 10 months ago to , Ebay style.

Yes and no (1)

davidwr (791652) | about 2 years ago | (#41369081)

If there are no practical, well-understood or at least vendor-supported work-arounds, then for the vast majority of people, it's still a "zero-day."

Hopefully MS and the other affected vendors (e.g. Adobe) will announce a practical work-around within a day or two.

I should be safe! (1)

dougmc (70836) | about 2 years ago | (#41368529)

... as long as it doesn't strike in those first few minutes where I have a freshly installed system and am using IE to download FIrefox (IE is great for this, by the way!) ... then I should be safe!

You should be safe (1)

davidwr (791652) | about 2 years ago | (#41369107)

I think this actually requires you to visit a poisoned web site.

So, unless the web site or torrent that you are getting Firefox from is compromised, you should be okay.

Re:You should be safe (2)

jafiwam (310805) | about 2 years ago | (#41373093)

Not really.

Compromised ad servers seem to happen often enough still. People have in not so recent past gotten infected from not so dangerous sites such as CNN.com.

Some sites are such morasses of server calls to other places all jumbled in one page it defies description. True, someone visiting the same four sites is going to be OK, but someone visiting Facebook (as an example) may very well be exposed.

Re:I should be safe! (2)

w3c.org (1039484) | about 2 years ago | (#41372231)

windows key + r cmd ftp ftp.mozilla.org cd /pub/mozilla.org/firefox/releases/latest/win32/en-US/ get "Firefox Setup 15.0.1.exe"

Day Zero (3, Funny)

puddingebola (2036796) | about 2 years ago | (#41368535)

Been saing for years that if we'd just get rid of day zero on the calendar that so many security concerns could be solved, but instead we get yet another vulnerability. How did this happen on day 260?

Let's blame Unix! (1)

93 Escort Wagon (326346) | about 2 years ago | (#41368689)

After all, you're right - there sure seem to be a lot of Day 0 vulnerabilities. If programming languages just started counting from 1 like sensible people do, this could all be avoided.

Re:Let's blame Unix! (0)

Anonymous Coward | about 2 years ago | (#41368873)

Sensible people = 1st floor => floor at ground level
Everyone else = 1st floor => first floor above the ground level floor

Re:Let's blame Unix! (1)

jimshatt (1002452) | about 2 years ago | (#41372263)

I actually refer to them as ground zero, ground one, etc. With 'ground' as past tense of 'grind' of course.

Re:Day Zero (0)

Anonymous Coward | about 2 years ago | (#41373101)

The term Zero Day, only means that the vulnerability was released to the public, before the patch. So the software companies have zero days to make a patch before its being used by all the wannabe kiddie hackers.

Re:Day Zero (0)

Anonymous Coward | about 2 years ago | (#41373241)

WOOSH

How many IE9 users got infected? (1)

Anonymous Coward | about 2 years ago | (#41368545)

Both.

XP Only? (0)

Anonymous Coward | about 2 years ago | (#41368579)

The underlying flaw affects IE 9 and earlier, and from what has been seen so far, the in-the-wild exploit only targets IE 8 and 7 on Windows XP only, Bekrar said.

“The vulnerability was probably found by fuzz testing and its exploitation was trivial on Windows XP,” Bekrar added.

Getting fed up (4, Interesting)

gravyface (592485) | about 2 years ago | (#41368701)

of shoddy browser security. Could this not be "solved" with proper sandboxing? If there's legacy code to support (this has been cited many times in the past for reasons why), please, please fork IE into two branches: IE Classic or whatever that's fully backwards compatible, and an IE Lite that's completely sandboxed and locked down for wide-spread corporate deployment.

Re:Getting fed up (0)

Anonymous Coward | about 2 years ago | (#41368931)

LOL, it's that 'corporate deployment' that requires the full backwards compatibility. If it were not for crappy intranet sites we'd all be able to use the latest stuff all the tim.

Re:Getting fed up (1)

gravyface (592485) | about 2 years ago | (#41372547)

Meant to say "business" deployment. Oh Slashdot, some day when you're big and strong you'll have an edit feature.

Re:Getting fed up (2)

Bozzio (183974) | about 2 years ago | (#41373223)

It's only a matter of tim.

Re:Getting fed up (1)

GoodNewsJimDotCom (2244874) | about 2 years ago | (#41369067)

Not just IE. All of Windows could be sandboxed. Exe should not be able to modify files outside their own install directory. Leave legacy support for old trusted .exes though.

Re:Getting fed up (2)

pokoteng (2729771) | about 2 years ago | (#41369167)

And it is that "legacy support" that is causing half the problems of Windows. It's never good to support legacy, at least, not without very careful consideration. Considering sandboxing though, it might just be alright to have all the legacy stuff in a VM-like environment entirely and have your host system be something a lot more stable. That just sounds like having linux host + windows guests though.

Re:Getting fed up (0)

Anonymous Coward | about 2 years ago | (#41369307)

No, not even the install directory should be modified, only the %APPDATA% and other working folders. All programs should be run as their own users and added to groups for accessing only the necessary data. This is exactly how I run & administer Linux systems. I simply chroot and runas in my launchers -- My own toy OS does this natively by requiring all applications to configure their user & group permissions at install time, similar to mobile phones' permissions. That this isn't the default way everything already works speaks to how utterly worthless everyone else is in terms of security (except us *nix admins). Protip, that's why Apache runs as its own user on your LAMP.

Re:Getting fed up (2)

Bengie (1121981) | about 2 years ago | (#41369869)

All programs should be run as their own users

Network admins would love creating 30 user accounts for every person and every person would love remembering 30 accounts.

All of Windows could be sandboxed (1)

SpaceLifeForm (228190) | about 2 years ago | (#41371469)

True, true. And simple also. Just have all the routers do DPI on the traffic, and if it is from a Windows machine, then just drop the packet.

Re:Getting fed up (0)

Anonymous Coward | about 2 years ago | (#41372031)

Exe should not be able to modify files outside their own install directory.

Wouldn't this mean you couldn't even be able to save files?

Re:Getting fed up (0)

DigiShaman (671371) | about 2 years ago | (#41369943)

You and me both! Just how many times has IE been patched to plug a "full remote code execution" bug? How many more damn times must we see a zero-day IE exploit that can render total ownage of an OS?

Defective by design indeed!

Re:Getting fed up (0)

Anonymous Coward | about 2 years ago | (#41370279)

Ie has been sandboxed for years. Only chrome is that zandboxed while FF is not!

IE 9=!IE 6

Its rendering engine is a differeny story though. :-)

IE 9 is certainly usable for corp users and has improved.

Re:Getting fed up (1)

yuhong (1378501) | about 2 years ago | (#41370917)

AFAIK the original exploit targets XP where it is NOT sandboxed.

Re:Getting fed up (0)

Anonymous Coward | about 2 years ago | (#41373133)

Dude, Someone figured out how to use java, to run a script when you go to a web page. Turn off java, and you dont have an issue.

stealthy file name (0)

binarstu (720435) | about 2 years ago | (#41368709)

They (as in the bad guys) named their main attack vector "exploit.html?" Yeah -- nothing suspicious-sounding about that one.

Question: (1)

Starteck81 (917280) | about 2 years ago | (#41368725)

I have a question. Does the exploit work on Win 7 machines or just Win XP?

Yes I RTFAed. It doesn't really spell out what combo of IE and Windows are vulnerable.

Re:Question: (5, Informative)

thetoadwarrior (1268702) | about 2 years ago | (#41368799)

Ie 9 isn't on XP.

Re:Question: (2)

rgbrenner (317308) | about 2 years ago | (#41371655)

do you think the "and earlier" versions that are also vulnerable might be on XP?

Re:Question: (1)

Blakey Rat (99501) | about 2 years ago | (#41368961)

IE9 only runs on Vista, 7 and Server 2008. So XP isn't affected assuming IE8 also isn't. (Since they didn't mention IE8, I assume you're safe?)

Re:Question: (1)

Blakey Rat (99501) | about 2 years ago | (#41369021)

Oop, the SecurityWeek article specially mentions that IE7 and IE8 on XP *are* affected and exploits them were spotting in the wild.

This means:
IE7, IE8 on XP = definitely vulnerable
IE7, IE8, IE9 on Vista/7 = probably vulnerable but no exploit seen in the wild

Re:Question: (0)

Anonymous Coward | about 2 years ago | (#41371805)

Oop, the SecurityWeek article specially mentions that IE7 and IE8 on XP *are* affected and exploits them were spotting in the wild.

Good think I'm running IE6!

HAHAHAHAH! SUXXORS!

Re:Question: (1)

fatphil (181876) | about 2 years ago | (#41369047)

TFA:
"""
The underlying flaw affects IE 9 and earlier, and from what has been seen so far, the in-the-wild exploit only targets IE 8 and 7 on Windows XP only, Bekrar said.
"""

TFS mentions the "earlier" versions too.

Re: all versions (0)

Anonymous Coward | about 2 years ago | (#41370351)

IE 7 - 9 in all versions of Windows. However, flash is used for the exploit

Re:Question: (1)

Curate (783077) | about 2 years ago | (#41369051)

From TFA:

The underlying flaw affects IE 9 and earlier, and from what has been seen so far, the in-the-wild exploit only targets IE 8 and 7 on Windows XP only, Bekrar said.

exploit yes, virus no (5, Informative)

planckscale (579258) | about 2 years ago | (#41368803)

This exploit has been targeting chem and defense companies. The thing about these exploits is that they typically are just a method to drop the actual payload which is usually a virus or trojan. In this case it looks like the payload is Poison Ivy, which was added to NOD32 AV defs back in 2008. Yes, the attacker could compromise the machine and get admin shell, but the majority of the time they’re installing a keylogger or other virus which NOD32 will catch.

From TFA:

First, a file named “exploit.html” appears to be the entry point of the attack, which loads “Moh2010.swf”, an encrypted Flash file that it decompress in memory.

According to AlienVault's Jaime Blasco, the payload dropped is Poison Ivy, as was the case with the previous Java zero-day. Poison Ivy is a remote administration tool (RAT) that was used the Nitro attacks that targeted chemical and defense companies. Interestingly, after exploitation, the attack loads “Protect.html”, a file that checks to see if the Web site is listed in the Flash Storage settings, and if it is, the Web browser will no longer be exploited despite additional visits to the malicious site.

Re:exploit yes, virus YES'S (0)

Anonymous Coward | about 2 years ago | (#41373199)

The exploit allows the virus to attack. The "drive by" has been around since 2008. Look at the antivirus virus, there is also a couple of FBI virus. They lock you out of your stuff, change your settings, mark every folder and file on your computer as hidden. From what I can tell its a flaw in the way IE allows Flash to use the browser. Then the real hole, is how windows, allows IE to "make changes" to the kernal. If everything HAD to be downloaded and installed manually, this would not be an issue. Or if FLASH, would step up to the plate and fix their stuff, ( including but not limited to, adding itself to boot when windows runs, having an installer constantly running in the background, having the updater, check for updates every 7-10 mins, not allowing any form of settings to control the program), then there would not be a problem. If you ask me This "new security hole", should be pushed back on flash to fix their crap. Flash is basically a virus that dont break anything to the point of unfixable. They use their script to fix what they break when they break it.

Pointless (-1)

Anonymous Coward | about 2 years ago | (#41368891)

The only ones who will ever get attacked by this exploit, are the ones who shouldn't be using a computer so much they are stupid.

"the zero-day season is really not over yet" (1)

davidwr (791652) | about 2 years ago | (#41368911)

Some say a diamond is forever.

I'd say the same about "the zero-day season" at least with respect to systems like Windows as we know it + commonly used 3rd party applications as we know them.

Re:"the zero-day season is really not over yet" (0)

Anonymous Coward | about 2 years ago | (#41373347)

The term "Zero-Day" means the virus was released to the public, before it was shown to the company that should fix it. The company now has zero days to make a patch before the exploit is released to the public.

new zero-day? (1)

csumpi (2258986) | about 2 years ago | (#41369245)

How is that possible? Isn't "new" and "zero-day" mutually exclusive?

Re:new zero-day? (1)

ameoba (173803) | about 2 years ago | (#41370979)

No - redundant.

Does this include IE9-64? (2)

fast turtle (1118037) | about 2 years ago | (#41369261)

Yes I RTFA and didn't see any information on whether IE9-64 is affected. Pretty lousy of the tester to not bother indicating if the problem is only with the 32bit version as the 64bit has a better baseline security configuration. Due to these issues, it's just one of the reasons I also use Palemoon64. Improved security such as full ASLR along with DEP support so I'm hopefull this does not affect IE9-64 due to the limited number of folks actually using it.

Re:Does this include IE9-64? (4, Informative)

WD (96061) | about 2 years ago | (#41369507)

Yes, IE9-64 is affected by the vulnerability. Whether exploits in the wild will succeed against it is another question...

Re:Does this include IE9-64? (0)

Anonymous Coward | about 2 years ago | (#41373049)

No the IE9 default is not, so unless you config your settings to allow it your safe...

But wait... (0)

elliott666 (447115) | about 2 years ago | (#41369387)

I thought PCs didn't get viruses?

Oh wait, that was Macs.

And why I run Opera Browser (0)

Anonymous Coward | about 2 years ago | (#41369445)

I've used Opera for ages, I feel it's the best on the market, but there's security through obscurity
Sadly Opera allows this security.

Safety precautions (1)

joeflies (529536) | about 2 years ago | (#41369815)

So as long as I don't visit a page called exploit.htm I should be ok?

LOL MACS R 4 FEGS (-1)

Anonymous Coward | about 2 years ago | (#41369991)

lololollolollololo

Internet Explorer is still a thing? (4, Funny)

Trogre (513942) | about 2 years ago | (#41370057)

Isn't IE that tool people use to download Firefox?

Re:Internet Explorer is still a thing? (1)

tqk (413719) | about 2 years ago | (#41370697)

Isn't IE that tool people use to download Firefox?

(0) kiak /home/keeling_ aptitude search explore
p bzr-explorer - GUI application for using Bazaar
p emboss-explorer - web-based GUI to EMBOSS
p kzenexplorer - manage tracks and playlists on Creative La
p swac-explore - audio collections of words (SWAC) explorer
p tracker-explorer - metadata database, indexer and search tool
(0) kiak /home/keeling_ which firefox
/usr/bin/firefox

Nope. "Oh. My. Gawd! Another IE zero day exploit!" Well, if you weren't using the !@#$ it was installed with, you wouldn't need to care. Popcorn anyone?

Re:Internet Explorer is still a thing? (1)

Kalriath (849904) | about 2 years ago | (#41371037)

[root@server ~]# aptitude search explore
-bash: aptitude: command not found
[root@server ~]# which firefox /usr/bin/which: no firefox in (/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/root/bin)

Nope.

Re:Internet Explorer is still a thing? (1)

tqk (413719) | about 2 years ago | (#41371435)

apt-get install aptitude && aptitude update && apt-get install iceweasel && HTH. # Enjoy. :-)

FF was installed with the OS when I reinstalled recently. Tooduls.

Re:Internet Explorer is still a thing? (0)

Anonymous Coward | about 2 years ago | (#41371949)

[root@server ~]# apt-get
-bash: apt-get: command not found

Nope.

[root@server ~]# links

Re:Internet Explorer is still a thing? (1)

Trogre (513942) | about 2 years ago | (#41372401)

yum install firefox?

pacman -S firefox?

Re:Internet Explorer is still a thing? (0)

Anonymous Coward | about 2 years ago | (#41372363)

Why would you need to download Firefox just to install Chrome? IE can deal with Chrome download page just fine.

Re:Internet Explorer is still a thing? (0)

Anonymous Coward | about 2 years ago | (#41372797)

Maybe he wants to use more than a few tabs.

Re:Internet Explorer is still a thing? (0)

Anonymous Coward | about 2 years ago | (#41373261)

Isn't IE that tool people use to download Firefox?

Be careful with your jokes, friend! 'girlintraining' is going to read that and come back with a lengthy, boring rebuttal.

so this affects what... about 5 users? (1)

tresstatus (260408) | about 2 years ago | (#41370335)

does anyone actually use IE when they don't have to?

Re:so this affects what... about 5 users? (0)

Anonymous Coward | about 2 years ago | (#41370827)

*yawn*

Re:so this affects what... about 5 users? (1)

tqk (413719) | about 2 years ago | (#41370913)

does anyone actually use IE when they don't have to?

I've known people who thought IE was the Internet. No amount of $BASEBALLBAT could sway them from that belief. There's people on /. who think they'll never have to give up on XP.

Hence, Win* malware. It's some weird, deficient intellect related, form of masochism is all I can think. Whatever floats your boat, I guess.

Question though: (1)

MtViewGuy (197597) | about 2 years ago | (#41370839)

Does this exploit work if you're running a modern Internet security suite such as the new Norton Internet Security 2013 with all anti-malware definitions up to date? Mind you, my default web browser on my desktop and laptop is Google Chrome 21.0.1180.89, the current "stable" release version.

Re:Question though: (1)

GoogleShill (2732413) | about 2 years ago | (#41371165)

I'm sure once the anti-malware vendors update their signatures in a few days they will detect it, but for now its fair game. The problem with anti-malware/anti-virus software as that they are purely reactive, they really don't help much against zero-day attacks.

Re:Question though: (1)

MtViewGuy (197597) | about 2 years ago | (#41371259)

I'd almost agree, but most companies that sell Internet security software update their definitions many times a day around the clock. In fact, in Norton Internet Security 2013 on my desktop and laptop computers, the updates occur at least 7-8 times per days for the latest anti-malware definitions.

Re:Question though: (1)

GoogleShill (2732413) | about 2 years ago | (#41371755)

I don't know what they are updating, but they certainly are not pushing signature updates 7-8 times a day. Not enough new threats come out every day to warrant that kind of update cycle.

FWIW, I don't even see an official product page for the "2013" version, which makes me think you might be running a trojan and the 2012 version only updates every few days [symantec.com] , which is typical.

Re:Question though: (1)

MtViewGuy (197597) | about 2 years ago | (#41373215)

I'm running the 2013 version, given it was directly downloaded from Symantec's own web site. :-) The release version (which came out a week ago) is 20.1.1.2. In fact, I found out that NIS 2013 can do "pulse" updates of anti-malware definitions about 2-3 rimes per hour.

DNH: 1 (2)

seandiggity (992657) | about 2 years ago | (#41370867)

But I thought they turned on that "Do Not Hack" HTTP header??

UAC is pointless (2)

GoogleShill (2732413) | about 2 years ago | (#41371233)

This exploit gains the privileges of the running user on Windows Vista and 7. The entire point of all the "allow/deny" popup BS with UAC was because they wanted to restrict processes to the lowest privilege necessary. IE is supposed to be a high-risk, sandboxed application and yet this exploit magically gets around it and gains access to the full user's account, which probably has admin rights on the machine. MS does not understand security. You don't start out by giving a user admin rights, you make them ask for it, a la 'sudo'. UAC starts out by keeping the user an administrator, and dropping the rights for new processes and trying to intercept when those processes need higher access so that the OS can display a verification prompt. Since Vista, this has been exploited over and over again. The only way to be safe under windows is to always use a low-priv account, and type in the full username/password of an administrator whenever the UAC prompt comes up, and that is a terrible user experience.

M$ and Their LUsers (0)

Anonymous Coward | about 2 years ago | (#41371551)

M$ has made laziness and convenience a virtue. Lots of people, especially those who control some money, think computers should require zero intellectual investment. The Philosophy Of Dumbing Down.

Re:UAC is pointless (0)

Anonymous Coward | about 2 years ago | (#41372853)

You don't need admin rights to put a keylogger on Linux

UAC was always a compromise between keeping Windows secure and keeping it easy to use. It was meant to be an extra hurdle that hackers would need to jump to gain access, not a be-all and end-all solution. Generally speaking, the vast majority of times UAC is bypassed, it's because there's an exploit in a program that already has admin rights (Flash, acrobat and java being the favs).

C and C++ Are the Culprit (-1)

Anonymous Coward | about 2 years ago | (#41371529)

Once again a typical flaw of the C and C++ languages. "use after free". In the future we have to use Memory Safe Languages or this kind of thing will never stop.

Also, don't tell me it is a matter of negligence. Software engineers are always under pressure to deliver code, they are sometimes a bit sick while working and there are deadlines to meet. That holds true even in the open source world.

Here is my attempt at a Memory Safe and Efficient language:

http://sourceforge.net/projects/sappeurcompiler/

This language offers almost all of the performance-critical features of C and C++ such as stack allocation, object aggregation, object arrays, destructors and it does not run in a VM. Garbage is collected using refcounters. Also, multithreaded race conditions cannot destroy the heap.

The Slashdot Mental Disconnect (0)

Toreo asesino (951231) | about 2 years ago | (#41372271)

I wonder, given many people here are convinced it's a dying product, why a story like this makes the front-page? Either IE is popular so news like this is important, or IE is a side-lined product that has no relevance...it seems that narrative changes depending on if the news is good or bad.

I find it curious we rarely hear about new major product releases from MS, but the second there's a vulnerability it's the top story. Are we interested in IT or just IT that isn't MSFT tech? There's a difference.

Meh, what am I saying. This place is unashamedly like the Fox News of IT - interested in a narrative only, not reality. Flame away.

I'm late to the party but... (0)

Anonymous Coward | about 2 years ago | (#41372649)

Would this be usable on xbox-es running the beta fall update?

One of the two features its featuring is IE (the other some f2p mmofps).

Why is this news? (0)

Anonymous Coward | about 2 years ago | (#41373027)

This has been around for years! The 2008 Antivirus virus is a grand example of this. And I do believe Microsoft knew about this years ago. In 2009 the virus changed its name, and again in 2011 and 1012. There is a new form of the virus out which displays a fake FBI screen, which you can not do anything about untill you pay. ( unless you are technically inclined, or happen to know someone who is). I Cant believe this is just now getting attention... Oh wait, this is MS, I am talking about.. I guess I do believe it.

Load More Comments
Slashdot Login

Need an Account?

Forgot your password?

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>