Vulnerability Found in Every Single Version of Internet Explorer

[evilfantasy]

Gizmodo: According to a confirmation by Microsoft late last night, a new zero day vulnerability has been found to affect every version of Internet Explorer. In other words—over a quarter of the entire browser market.

Full story: New Vulnerability Found in Every Single Version of Internet Explorer

[SuperDave]

Why doesn't MS show the hackers how to write the code? What do they hope to accomplish by releasing this news before they have a patch?

[BC_Programmer]

Oh Look, Flash is involved. Big surprise there.

Since IE 8 and later (at least to my recollection) require confirmation to run any Active Scripting content, so I'm not sure how it would work in IE8 or later given that.

[PCdoc]

Also Microsoft rushes to fix Internet Explorer after attacks; no fix for Windows XP users

[camerongray]

Also Microsoft rushes to fix Internet Explorer after attacks; no fix for Windows XP users

I may have grinned too much at that.  So much for "XP is still secure" 

[evilfantasy]

It's very convenient that XP just lost support and MS issues a 'severe warning' to almost all XP users. Upgrade or else...

[patio]

So where's the patch ? ?

[evilfantasy]

So far only workarounds (see the Suggested Actions section). There should be an Out-of-Band Patch from Microsoft coming soon through Windows Update. If they wait until the next Patch Tuesday (over 3 weeks away) then I will really question the severity of this threat.

[evilfantasy]

I think it just came through.

Security Update for Internet Explorer Flash Player KB2961887

Check Windows Update.

EDIT: I could be wrong. Adobe has released updates for all browsers today so it may just be a normal browser update.

[evilfantasy]

OK. It is the patch and is available at the Adobe website and through Windows Update.

Gizmodo: You Can Download Adobe's Patch for the Internet Explorer Flaw Right Now

Flash Player Help: Check if Flash Player is installed on your computer

They also released updates for Firefox, Mozilla, Netscape and Opera today so if you use those browsers I suggest updating them too. Adobe Flash Player for Firefox, Mozilla, Netscape, Opera 13.0.0.206

[evilfantasy]

 The Microsoft update is available through Windows Update. Description of the security update for Internet Explorer for systems that have security update 2929437

Applies to

* Internet Explorer 11
* Internet Explorer 10
* Windows Internet Explorer 9
* Windows Internet Explorer 8
* Windows Internet Explorer 7
* Microsoft Internet Explorer 6.0

Despite the scare tactics from Microsoft that XP will remain vulnerable this Out-of-Band update included Windows XP. Out-of-Band Release to Address Microsoft Security Advisory 2963983

We have made the decision to issue a security update for Windows XP users. Windows XP is no longer supported by Microsoft, and we continue to encourage customers to migrate to a modern operating system, such as Windows 7 or 8.1. Additionally, customers are encouraged to upgrade to the latest version of Internet Explorer, IE 11.

[DaveLembke]

Just curious... if people are using an alternate browser they are fine right? So if running Windows XP SP3 fully patched and Firefox 29, as long as they dont use IE as their browser they should be fine right? Or can a script on a web site with flash on say Firefox explicitly call IE? To me for IE to be called directly through use of say Firefox 29, someone would have to download and run a script manually that targets IE through alternate browsers. 

[evilfantasy]

I would imagine that any browser using the IE technology (Trident) could be vulnerable. I'm not sure though.

Flash was patched and now IE has been fully patched so, to me, this is a good example to why people should use the more popular browsers. They may be targeted for exploit more often but they are also more secure.

[PCdoc]

And then they released a fix for XP users. Read Article

[DaveLembke]

Microsoft is helping the estimated hundreds of millions of customers still running Windows XP, which it stopped supporting earlier this month

I guess this was written at the end of April and then released on 5/2 ... or the writer didnt realize that its May already. Either way cool to see that Microsoft stepped up to the plate with a fix for this. I will have to patch my one XP system when I get home from work even though I don't use IE but use Firefox instead. As evilfantasy pointed out earlier due to Trident ( IE Technology ) that carried over to other browsers its best to be safe than sorry.