New IE zero-day attack reported
Results 1 to 6 of 6

Thread: New IE zero-day attack reported

  1. November 10th, 2013, 01:07 PM #1
    SpywareDr's Avatar
    SpywareDr
    SpywareDr is offline VirtualDr PC Specialist
    Join Date
    Apr 2005
    Location
    Maryland, USA
    Posts
    17,806

    New IE zero-day attack reported

    Summary: Security company FireEye has found a zero-day exploit in Internet Explorer hosted on a breached web site in the United States. EMET may be used to mitigate.
    Doc - Citizen Lab's "Security Planner" (Bruce Schneier advisor) - Motherboard's comprehensive "Guide to Not Getting Hacked" - EFF's "Surveillance Self-Defense" - Bleeping Computer - Security News

    MAGA = Make Aerosmith Great Again | Mexicans Always Get Across
    Reply With Quote Reply With Quote
  2. November 10th, 2013, 02:06 PM #2
    photolady's Avatar
    photolady
    photolady is offline Lifetime Friend of Site Staff
    Join Date
    Mar 2002
    Location
    At my computer, cruising VDR and watching your back
    Posts
    23,412
    I'm glad I don't use IE any version. FF and Opera are better.
    Reply With Quote Reply With Quote
  3. November 10th, 2013, 05:11 PM #3
    SpywareDr's Avatar
    SpywareDr
    SpywareDr is offline VirtualDr PC Specialist
    Join Date
    Apr 2005
    Location
    Maryland, USA
    Posts
    17,806
    Yep, right now I suppose that is true.

    The specific exploit targets the English versions of Internet Explorer 7 and 8 on Windows XP and IE8 on Windows 7. FireEye says their analysis indicates that the vulnerability behind it affects IE 7, 8, 9 and 10.

    FireEye does not say if IE10 on Windows 8 is affected or if they examined IE11.
    Doc - Citizen Lab's "Security Planner" (Bruce Schneier advisor) - Motherboard's comprehensive "Guide to Not Getting Hacked" - EFF's "Surveillance Self-Defense" - Bleeping Computer - Security News

    MAGA = Make Aerosmith Great Again | Mexicans Always Get Across
    Reply With Quote Reply With Quote
  4. November 11th, 2013, 10:48 AM #4
    HAN's Avatar
    HAN
    HAN is offline Virtual PC Specialist!!!
    Join Date
    Feb 2002
    Location
    USA
    Posts
    4,319
    For anyone interested in EMET, here is an excellent review and guide for version 4.

    http://www.dedoimedo.com/computers/windows-emet-v4.html
    Reply With Quote Reply With Quote
  6. November 11th, 2013, 11:34 AM #5
    SpywareDr's Avatar
    SpywareDr
    SpywareDr is offline VirtualDr PC Specialist
    Join Date
    Apr 2005
    Location
    Maryland, USA
    Posts
    17,806
    Excellent, thanks Han.

    --

    What make this attack a little more worrisome, is the fact that the second stage isn't written to a file. Rebooting would get rid of it of course but, without knowledge your system was compromised, how would you be able to tell if sensitive data was stolen?
    Doc - Citizen Lab's "Security Planner" (Bruce Schneier advisor) - Motherboard's comprehensive "Guide to Not Getting Hacked" - EFF's "Surveillance Self-Defense" - Bleeping Computer - Security News

    MAGA = Make Aerosmith Great Again | Mexicans Always Get Across
    Reply With Quote Reply With Quote
  7. November 12th, 2013, 02:23 PM #6
    SpywareDr's Avatar
    SpywareDr
    SpywareDr is offline VirtualDr PC Specialist
    Join Date
    Apr 2005
    Location
    Maryland, USA
    Posts
    17,806
    Microsoft to patch zero-day bug Tuesday (today)
    Doc - Citizen Lab's "Security Planner" (Bruce Schneier advisor) - Motherboard's comprehensive "Guide to Not Getting Hacked" - EFF's "Surveillance Self-Defense" - Bleeping Computer - Security News

    MAGA = Make Aerosmith Great Again | Mexicans Always Get Across
    Reply With Quote Reply With Quote
« Previous Thread | Next Thread »

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules