Welcome Anonymous !

[rrplay]

Online attackers just never seem to stop exploiting vulnerabilities in Internet Exporter that has been a favorite for them to execute malicious code on unsuspecting and un-patched PCs., when visiting booby-trapped websites. In there own advisory Microsoft officials had confirmed the active attacks and encouraged its customers to apply a temporary fix as soon as possible.

"These attacks are being distributed both via malicious web pages intended for Internet Explorer users and through Office documents," Andrew Lyons, a Google security engineer, wrote in a blog post published Tuesday. "Users running Windows XP up to and including Windows 7 are known to be vulnerable."

In part if its monthly Patch Tuesday, Microsoft had issued 7 updates that patch 26 vulnerabilities in it software Lyons said that Google researchers alerted Microsoft to the attacks on the XML package two weeks ago and that "Microsoft has been responsive to the issue and has been working with us."

Researchers from antivirus provider McAfee, reported that "The exploit works across all major Windows platforms, including Windows Vista and Windows 7," McAfee researcher Yichong Lin wrote in an advisory. "It leverages return-oriented programming (ROP) exploitation technology to bypass... data execution [prevention] (DEP) and address space layout randomization (ASLR) protections, and hook-hopping evasion techniques to evade host-based IPS detections."

In a frequently asked question section of Tuesday's Microsoft Security Bulletin MS12-037, company officials said:

"Microsoft is aware of limited attacks attempting to exploit the vulnerability. However, when the security bulletin was released, Microsoft had not seen any examples of proof of concept code published." A corresponding exploitability index said only that exploit code was "likely." But according to Lin, he and his colleagues discovered the attack on June 1 and worked with Microsoft as it prepared Tuesday's fix.

Microsoft on Tuesday issued a temporary fix for a separate vulnerability that attackers are also exploiting to execute malicious code on end-user machines.According to Zero-Day blogger Ryan Naraine, attacks targeting that vulnerability, which resides in an XML component included in Windows, this had prompted recent warnings that Google issued to users who may be the victims of state-sponsored attacks.

Source: Microsoft

[slugbug]

Wow, people still use Internet Explorer?

[JMHTL]

I don't use IE but I did apply the temp fix today just to be sure it didn't break anything.

[slugbug]

So did I.

[bob2701]

Ditto.

[Manduh]

Wow, people still use Internet Explorer?

LOL the Bell tech that came to my house was trying to find it on my pc, I removed all shortcuts including the one on my start menu. I laughed and was like. "you use IE"??
He didn't feel comfortable sifting through my computer so I had to open it for him from the programs folder lol. He would have been SOL if I decided to actually remove it I guess their 'tech site' doesn't play nice with any other browser.

[ana3mic]

I actually remove it from my Windows install before even starting it a single time

[rrplay]

Wow, people still use Internet Explorer?

LOL the Bell tech that came to my house was trying to find it on my pc, I removed all shortcuts including the one on my start menu. I laughed and was like. "you use IE"??... I guess their 'tech site' doesn't play nice with any other browser.

Had a similar experience with my ISP that they primarily require IE to activate the account info in the IE browser.Already knew that in advance and had the shortcut available but mainly interested in having the Speed Test bookmarked and run it from IE & Firefox while they tech guy was still there to verify the speed.Which we did.

Either way after reading some of the links, and to elaborate a bit more with some of yesterday news posts, it is always a necessity to be absolutely diligent with updates as they roll out because there just might be a Shortage of Cyber Security Experts in U.S.!

*** Some of this topic regarding IE sorta reminds me of a phone conservation earlier in the day when a "wizard/ tech guru / sys admin" may have been sought to help a family member, that apparently "knows all the ins and outs of there own computer" yet are totally lacking in any basic fundamentals and understanding. Pretty sure several of the members here know what I mean. So it may be best to share some of your savvy insights from time to time simply because they are probably still in love with IE on the rig that may have gone the upgrade path from Vista to Win 7 or something else to help them along.Some of these folks have probably never heard of Patch Tuesday.

[BackDraft]

Wow, it's usually patch Wednesday or Thursday here in Florida land.
I don't use IE but there are occasions like some credit card payment sites that still aren't compatible with FF or chrome. Totally bogus but true. You figure they would update their system to support other browsers. For those I call in and refuse to pay the extra fee. Reason, I don't have or use IE and cannot be forced to use it. Usually works.