« Instant Messaging | Main | Java »

Thursday, September 19, 2013

Internet Explorer Zero-day Exploit

Microsoft has released a "Fix-it" for a zero-day flaw in its Internet Explorer 8 browser. This flaw is being addressed by Microsoft but until the next security updates are released this is your best bet to avoid being a victim.

Go here: http://support.microsoft.com/kb/2847140 and scroll down to the Fix-it ENABLE icon - click on this icon, download and then double-click the the .msi file to install.

Although no reboot or other actions need be taken after the Fix-it is installed you should also download the Fix-it DISABLE file (right beside the original icon) and save the file - it is possible that before the next security update Microsoft will stongly suggest you remove the original Fix-it and this DISABLE file will do that.

You could also simply bookmark the page and download the file when needed.

Whatever.

Posted by Matthew Carrick at 10:42.01 AM EDT | Permanent Link
Comment by Matthew - Thursday 19th September 2013 11:49:43 AM

NOTE: This fix is only for 32-bit Internet Exploder.

| Categories: Best Practices, Internet Explorer, Privacy Issues, Security Alerts

Saturday, May 11, 2013

Internet Explorer 8 Zero-day Exploit

Microsoft has released a "Fix-it" (because calling it a "patch" sounds icky?) for a zero-day flaw in its Internet Explorer 8 browser. This flaw is being addressed by Microsoft but until the next security updates are released this is your best bet to avoid being a victim.

Go here: http://support.microsoft.com/kb/2847140 and scroll down to the Fix-it ENABLE icon - click on this icon, download and then double-click the the .msi file to install.

Although no reboot or other actions need be taken after the Fix-it is installed you should also download the Fix-it DISABLE file (right beside the original icon) and save the file - it is possible that before the next security update Microsoft will stongly suggest you remove the original Fix-it and this DISABLE file will do that.

You could also simply bookmark the page and download the file when needed.

Whatever.

Saturday, February 02, 2013

Twitter Hack and Java

The recent hack of Twitter appears to have been accomplished via some Java exploit. The insecure nature of Java is well known and unless you specifically require Java your best practice is to uninstall it via the Control Panel under Windows. If you do require Java you need to uninstall the Java plugin for browsers. Check out 'ole Krebs on Security for the details.

If you keep Java set it to auto-update once a day. Handy, dandy screencaps illustrating the simple process are here.

Wednesday, June 13, 2012

Microsoft FixIt Released

Hot on the heels of the June 12th 'Patch Tuesday' Microsoft has released one of its FixIt tools. This addresses a flaw in Internet Explorer that could allow attackers to take control of users systems after they simply visit a specially authored Web page. These FixIt tools are released before official patches are available and help to protect users between each 'Patch Tuesday'.

Visit http://support.microsoft.com/kb/2719615 and click on the Icon entitled 'Enable'. If the Fixit causes some strange behavior in your system them navigate back to the page and click the Icon entitled 'Disable'.

Posted by Matthew Carrick at 9:59.34 AM EDT | Permanent Link

| Categories: Best Practices, Internet Explorer, Security Alerts

Wednesday, March 16, 2011

Internet Explorer 9 Filters ActiveX

Microsoft's Internet Explorer 9 (IE9) allow for filtering of ActiveX controls. This should allow for much greater security from devious scripts. All you Windows XP users are out of luck as IE9 will not run on this Operating System (OS). Use Firefox, Opera or Chrome browsers for maximum security under Windows XP. If you run Windows 7 or (gasp) Windows Vista you can and should use IE9.

Monday, January 31, 2011

Critical Windows Flaw Targets IE

A security flaw in Windows MHTML (MIME Encapsulation of Aggregate HTML) protocol handler that is used by Windows applications to render ceertain document types can allow evil-doers to take control of a users Internet Explorer sessions.

Bill has a fix here: http://support.microsoft.com/kb/2501696 . Click the icon located about halfway down the page under Enable To lock down MHTML and follow the instructions.

Thursday, December 23, 2010

IE Exploit for Xmas!

Microsoft's Internet Explorer is the target of a new zero day attack.
Best Practice? If you're using IE, stop.
If you must use IE then perhaps Sandbox it with Sandboxie.
Why not try Firefox (with the awesome No-Script Add-on) or Opera instead?
Safer, Better and hip . . . like the kids say.
Posted by Matthew Carrick at 10:26.44 PM EST | Permanent Link
Comment by Matthew - Wednesday 05th January 2011 08:29:54 PM

Bill has posted a 'Fix it' for this annoyance here: http://support.microsoft.com/kb/2490606

| Categories: Adware/Spyware, Best Practices, Internet Explorer, Mozilla Firefox, Opera, Privacy Issues, Security Alerts, Viruses-Trojans-Worms

Tuesday, March 02, 2010

Internet Explorer F1 Key Flaw

If you use any of the last several versions of Internet Explorer you are advised to not press the F1 key if prompted by any web site. A flaw has been discovered that could open up your Windows machine (except Vista, way to go Bill!) to evil-doers. The Microsoft Security Advisory (981169) is here: http://www.microsoft.com/technet/security/advisory/981169.mspx

The quote from Microsoft below:

Successful exploitation of this vulnerability requires that users assist the exploit by pressing the F1 key on their keyboard. Our analysis shows that if users do not press the F1 key on their keyboard, the vulnerability cannot be exploited.

Consequently, malicious Web sites may attempt to persuade users into pressing the F1 key. Such a Web site could invoke an endless loop of dialog boxes that tell the user to press the F1 key to end the loop, or offer information such as pricing information or help to be revealed through the F1 key.

Users are advised to avoid pressing F1 presented by Web pages or other Internet content. If a dialog box appears repeatedly in an attempt to convince the user to press F1, users may log off the system or use Task Manager to terminate the Internet Explorer process.

Posted by Matthew Carrick at 1:37.10 PM EST | Permanent Link

| Categories: Best Practices, Internet Explorer, Security Alerts

Wednesday, December 17, 2008

IE Patched in Record Time

Microsoft has patched the critical flaw in its Internet Explorer browser in mere days. Good job! If you have Windows Automatic Update turned on you should already be patched depending on when you have set your PC to download and install the fix.

Windows Update View of Hotfix KB960714

With more and more people aware of the problem it was incumbent upon Bill to fix the problem before even more folks ditched IE for more secure browsers such as Opera or Firefox. Either you're part of the problem or part of the solution and although Microsoft was late in embracing the Internet it seems they are moving towards being less of a vector for malware, spyware, viruses, etc. Let's hope the upcoming IE 8 is an even better experience for the vast number of users who, for some reason, never get the itch to try other browsers.

Posted by Matthew Carrick at 6:24.42 PM EST | Permanent Link

| Categories: Internet Explorer, Security Alerts