 |
Spyware Warrior
Help with Spyware, Hijacking & Other Internet Nuisances
|
| View previous topic :: View next topic |
| Author |
Message |
datababe
Warrior
Joined: 13 Dec 2004
Last Visit: 10 Oct 2012
Posts: 217
Location: Inside your head
|
 Posted: Thu Nov 04, 2010 5:58 am Post subject: YAGE...for IE that is |
 |
|
As in Yet Another Grand Exploit:
http://threatpost.com/en_us/blogs/new-bug-internet-explorer-used-targeted-attacks-110310?utm_source=Newsletter_110310&utm_medium=Email+Marketing&utm_campaign=Newsletter&CID=
| Quote: |
The new IE flaw is likely to be targeted through drive-by download attacks, a common attack scenario for browser vulnerabilities.
"In a Web-based attack scenario, an attacker could host a Web site that contains a Web page that is used to exploit this vulnerability. In addition, compromised Web sites and Web sites that accept or host user-provided content or advertisements could contain specially crafted content that could exploit this vulnerability. In all cases, however, an attacker would have no way to force users to visit these Web sites. Instead, an attacker would have to convince users to visit the Web site, typically by getting them to click a link in an e-mail message or Instant Messenger message that takes users to the attacker’s Web site," Microsoft said. |
MS Advisory on this:
https://www.microsoft.com/technet/security/advisory/2458511.mspx
Funny, JUST the other night we saw a link to a "hilarious video, this cracked me UP!" posted to a busy Facebook discussion, followed not too long after by a frantic disclaimer from the same person: "DON'T CLICK THAT, I DIDN'T POST THAT & DON'T KNOW HOW IT GOT HERE!!!".
I wondered how many machines got pwned.
*sigh*
_________________
- Datababe
Until you spread your wings, you'll have no idea how far you can walk.
http://redoakranch.x10hosting.com
http://datababe007.blogspot.com |
|
| Back to top |
|
 |
suzi
Site Admin
Joined: 27 Jul 2003
Last Visit: 20 May 2013
Posts: 10271
Location: sunny California
|
| Posted: Thu Nov 04, 2010 8:31 am Post subject: |
|
|
Anyone using IE should upgrade to IE 8 if they haven't already done so and enable DEP. Yesterday I read this exploit wasn't thought to be actively used... yet.
_________________
Former Microsoft MVP 2005-2009, Consumer Security
Please do not PM or Email me for personal support. Post in the Forums instead and we will all learn.  |
|
| Back to top |
|
|
datababe
Warrior
Joined: 13 Dec 2004
Last Visit: 10 Oct 2012
Posts: 217
Location: Inside your head
|
| Posted: Thu Nov 04, 2010 11:14 am Post subject: |
|
|
| Quote: |
| At this time, we are aware of targeted attacks attempting to use this vulnerability. |
MS might want to check for a typo or two. At least, I hope that's a typo...then again, they might as well leave it.
(not sure whether to laugh or cry!)
_________________
- Datababe
Until you spread your wings, you'll have no idea how far you can walk.
http://redoakranch.x10hosting.com
http://datababe007.blogspot.com |
|
| Back to top |
|
|
suzi
Site Admin
Joined: 27 Jul 2003
Last Visit: 20 May 2013
Posts: 10271
Location: sunny California
|
| Posted: Fri Nov 05, 2010 7:21 am Post subject: |
|
|
They are probably right and I'm wrong.
_________________
Former Microsoft MVP 2005-2009, Consumer Security
Please do not PM or Email me for personal support. Post in the Forums instead and we will all learn. |
|
| Back to top |
|
|
datababe
Warrior
Joined: 13 Dec 2004
Last Visit: 10 Oct 2012
Posts: 217
Location: Inside your head
|
|
| Back to top |
|
|
|
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
smartBlue Style © 2002 Smartor
Powered by phpBB © 2001, 2002 phpBB Group
|
