Major Internet Explorer vulnerability

Started by JoeTomasone, December 16, 2008, 04:32:26 PM


JoeTomasone

Quote from: LtCol Hooligan on December 17, 2008, 04:40:02 PM
FYI- Microsoft will be releasing an out of band hot fix today to address this issue.  It should be pushed out through automatic updates and applied to your machines.  As long as you have your firewalls on and your virus scanners up to date, you will be fine.  The BBC article is a lot of smoke being blown and Microsoft is doing something about it.


I beg to differ.  Virus scanners may or may not be updated promptly (either by the vendor or by the user).  Both virus scanners and firewalls can be disabled by malware that does get executed.   

This is a serious vulnerability that could be widespread very shortly and affect anyone that does not apply the MS patch and who happens across a web site that exploits this flaw.   While I commend them for acting quickly, their speed and special attention to this are confirmation of how serious this is.

Speaking from a technical perspective as an IT security professional, this one isn't one you want to mess around with.


LtCol Hooligan

Joe- I concur that this is important and believe me, the out of band patch would not have been released if it wasn't important.  Automatic updates are the key to success on Windows PCs.  I would not leave home without them.  Patch away everyone. 
ERIK C. LUDLOW, Lt Col, CAP
Director of IT; Director of Cadet Programs
North Dakota Wing, Civil Air Patrol
http://www.ndcap.us

MIKE

Mike Johnston

A.Member

#23
Quote from: LtCol Hooligan on December 17, 2008, 04:57:43 PM
Joe- I concur that this is important and believe me, the out of band patch would not have been released if it wasn't important.  Automatic updates are the key to success on Windows PCs.  I would not leave home without them.  Patch away everyone. 
Agreed.  There will always be vulnerabilities to exploit, whether it's IE, FF, or something else.   To that, the demonization here around IE or Windows is a bit misplaced.  Security requires a multi-faceted approach, part of which includes patch updates.  Automatic updates are very important and should be utilized.
"For once you have tasted flight you will walk the earth with your eyes turned skywards, for there you have been and there you will long to return."

Larry Mangum

For all of you Microsoft bashers, really go look at the link provided ( http://www.us-cert.gov ) and you will find that they are not alone in having vulnerabilities that have to be patched regularly. The difference is that they are the big kids on the block so everybody takes shots at them.  But a look at the link will find patches for every major OS and browser listed, including your beloved Apple OS X and Linux.
Larry Mangum, Lt Col CAP
DCS, Operations
SWR-SWR-001

JoeTomasone

#25
Quote from: Who_knows? on December 17, 2008, 11:42:51 PM
For all of you Microsoft bashers, really go look at the link provided ( http://www.us-cert.gov ) and you will find that they are not alone in having vulnerabilities that have to be patched regularly. The difference is that they are the big kids on the block so everybody takes shots at them.  But a look at the link will find patches for every major OS and browser listed, including your beloved Apple OS X and Linux.

Mac OS (and to a much smaller degree Linux) has benefited from "security by obscurity" (meaning not a big enough install base to bother) for a long time.    The ultimate irony is the Mac vs. PC commercial with the PC having a virus -- since every PC to Mac convert marks one more small step towards the Mac becoming a serious malware-worthy platform.

The malware-writer's theory:

Windows -- Massive install base, non-savvy users, lots of broadband.  Get 'em!

Linux -- Usually in well-defended server farms or in use by a guy smart enough to either block it, find me, or hack ME.

Mac -- Geez, can you even name 10 people who have one?  (And Steve Jobs doesn't count...)

EXArmySFinIowa

Joe, sorry if you thought I was making assumptions concerning your choice of OS and Browser and dislike of Microsoft, I was not.  The story from the BBC was taken from SC magazine, the reporter at BBC misquoted the article, he has bashed MS every chance he gets. 

And for the record I'm running Win XP and a Virtual install of Linux, with the following: IE 8, FF 3.0.5, Thunderbird, Outlook, Office 2007, OpenOffice, I just hate to see a product beat up when there is no real basis, like has been said MS is the Big Boy, when one of the others takes that spot we'll see people beat on them.

JoeTomasone

#27
Quote from: EXArmySFinIowa on December 18, 2008, 04:43:03 AM
Joe, sorry if you thought I was making assumptions concerning your choice of OS and Browser and dislike of Microsoft, I was not.  The story from the BBC was taken from SC magazine, the reporter at BBC misquoted the article, he has bashed MS every chance he gets. 

No problems here...  I dislike anyone who bashes any OS/platform from an elitist perspective; they are tools to do jobs - some do one job better than another, etc, etc.

Quote from: EXArmySFinIowa on December 18, 2008, 04:43:03 AM
And for the record I'm running Win XP and a Virtual install of Linux, with the following: IE 8, FF 3.0.5, Thunderbird, Outlook, Office 2007, OpenOffice, I just hate to see a product beat up when there is no real basis, like has been said MS is the Big Boy, when one of the others takes that spot we'll see people beat on them.

I run Windows Vista for my main PC OS and laptop OS; Fedora for my web/email/IRC/Echolink/etc server, XP on the work laptop, and I have an iPhone (after many PalmOS Pilots and Treos).    I have my reasons for each; and they are (probably) only valid for me.

I don't tell people that PCs are better than Macs, or that the iPhone kicks the Blackberry's butt - because everyone's needs, wants, and desires differ.   I've had numerous Mac people try to convert me to the Mac OS platform - to which I ask, "why?".    The reasons I get all do not apply to me:  It crashes less (my PCs are well kept and have uptimes measured in months), less vulnerability to viruses (IT security type here, ain't happening), higher performance (than what?), etc.    Then there's the catchall "it's just better" (oh, geez, guess I *am* a dummy, huh?).   

That being said, I do recognize when you should prefer one product over another, and in this case, I recommend Firefox over IE any day of the week due to its feature set (although IE, of course, tends to catch up/leapfrog) and much better security history.    IE has simply had way too many very bad exploits over time.  I suspect that one day that will all be a memory with MS' increased emphasis on security, but that's not today.

EXArmySFinIowa

New security flaws, for all my friends running Macs, Linux, and other open source software, last week was IE, this week Thunderbird, Firefox and Apple Macs are the products with critical vulnerabilities.  Please see the @RISK: The Consensus Security Vulnerability Alert Vol. 7 No. 51 at www.sans.org, for a list of vulnerabilities and fixes.

MIKE

Mike Johnston