IE Zero Day is "For Real"

KIA · 17 Sep 2012 at 19:29

I can confirm, the zero-day season is really not over yet. Less than three weeks after the discovery of the Java SE 7 0day, aka CVE-2012-4681, potentially used by the Nitro gang in targeted attacks, a potential Microsoft Internet Explorer 7 and 8 zero-day is actually exploited in the wild.

http://eromang.zataz.com/2012/09/16/zero-day-season-is-really-not-over-yet/

Switch to a better browser!

Glaucus · 17 Sep 2012 at 19:30

Yeah ie 9 or 10.
Keep upto date software and your chances of being attacked are mssievly reduced.

theheyes · 17 Sep 2012 at 19:38

If its the same one I was reading about before IE9 is vulnerable too. I suspect IE10 on Windows 8 isn't, though.

KIA · 17 Sep 2012 at 20:58

Glaucus said:
Yeah ie 9 or 10.
Keep upto date software and your chances of being attacked are mssievly reduced.

Ever heard of XP?

The only solution is to install a better browser.

MS better release an out of cycle patch ASAP.

Tute · 17 Sep 2012 at 21:00

I'm sorry but I think you'd have to be mad to run IE on Windows XP. Chrome is clearly the way to go there.

PMKeates · 17 Sep 2012 at 21:46

KIA said:
Ever heard of XP?

The only solution is to install a better browser.

MS better release an out of cycle patch ASAP.

To be fair, Windows XP is 11 years old.

KIA · 17 Sep 2012 at 21:48

PMKeates said:
To be fair, Windows XP is 11 years old.

There's still a huge install base.

PMKeates · 17 Sep 2012 at 21:51

KIA said:
There's still a huge install base.

Hopefully this will encourage them to update.

theheyes · 17 Sep 2012 at 22:07

Tute said:
I'm sorry but I think you'd have to be mad to run IE on Windows XP. Chrome is clearly the way to go there.

It's a big problem for businesses who don't necessarily have a choice.

KIA · 21 Sep 2012 at 19:03

Patches are out. https://isc.sans.edu/diary.html?storyid=14155&rss

robinbredin · 22 Sep 2012 at 10:31

Glaucus
Yeah ie 9 or 10.
Keep upto date software and your chances of being attacked are mssievly reduced.

Got a update KB2744842 for IE9 on win 7 64 bit this morning (26mb), could that have anything to do with it.

Glaucus · 22 Sep 2012 at 11:50

KIA said:
Patches are out. https://isc.sans.edu/diary.html?storyid=14155&rss

robinbredin said:
Got a update KB2744842 for IE9 on win 7 64 bit this morning (26mb), could that have anything to do with it.

Dano · 22 Sep 2012 at 14:29

While I don't dispute the issue I do have an issue when he states:

I tested these files on an up-to-date Microsoft Windows XP Pro SP3

And then shows us a video that clearly shows XP has updates waiting and security essentials disabled:

Destination · 22 Sep 2012 at 15:20

hehe naughty cheat mode

Anyway they patched this yesterday didn't they, we certainly had an out of phase security update, for IE.