Spyware Warrior Spyware Warrior
Help with Spyware, Hijacking & Other Internet Nuisances
 
FAQ :: Search :: Memberlist :: Usergroups :: Register
Profile :: Log in to check your private messages :: Log in

YAGE...for IE that is

 
Post new topic   Reply to topic    Spyware Warrior Forum Index -> Security Notices & News
View previous topic :: View next topic  
Author Message
datababe
Warrior


Joined: 13 Dec 2004
Last Visit: 10 Oct 2012
Posts: 217
Location: Inside your head

PostPosted: Thu Nov 04, 2010 5:58 am    Post subject: YAGE...for IE that is Reply with quote

As in Yet Another Grand Exploit:

http://threatpost.com/en_us/blogs/new-bug-internet-explorer-used-targeted-attacks-110310?utm_source=Newsletter_110310&utm_medium=Email+Marketing&utm_campaign=Newsletter&CID=


Quote:
The new IE flaw is likely to be targeted through drive-by download attacks, a common attack scenario for browser vulnerabilities.

"In a Web-based attack scenario, an attacker could host a Web site that contains a Web page that is used to exploit this vulnerability. In addition, compromised Web sites and Web sites that accept or host user-provided content or advertisements could contain specially crafted content that could exploit this vulnerability. In all cases, however, an attacker would have no way to force users to visit these Web sites. Instead, an attacker would have to convince users to visit the Web site, typically by getting them to click a link in an e-mail message or Instant Messenger message that takes users to the attacker’s Web site," Microsoft said.


MS Advisory on this:
https://www.microsoft.com/technet/security/advisory/2458511.mspx

Funny, JUST the other night we saw a link to a "hilarious video, this cracked me UP!" posted to a busy Facebook discussion, followed not too long after by a frantic disclaimer from the same person: "DON'T CLICK THAT, I DIDN'T POST THAT & DON'T KNOW HOW IT GOT HERE!!!".

I wondered how many machines got pwned.

*sigh*
_________________
- Datababe
Until you spread your wings, you'll have no idea how far you can walk.
http://redoakranch.x10hosting.com
http://datababe007.blogspot.com
Back to top
View user's profile Send private message Visit poster's website
suzi
Site Admin


Joined: 27 Jul 2003
Last Visit: 21 Aug 2014
Posts: 10323
Location: sunny California

PostPosted: Thu Nov 04, 2010 8:31 am    Post subject: Reply with quote

Anyone using IE should upgrade to IE 8 if they haven't already done so and enable DEP. Yesterday I read this exploit wasn't thought to be actively used... yet.
_________________
Former Microsoft MVP 2005-2009, Consumer Security
Please do not PM or Email me for personal support. Post in the Forums instead and we will all learn. Smile
Back to top
View user's profile Send private message Visit poster's website
datababe
Warrior


Joined: 13 Dec 2004
Last Visit: 10 Oct 2012
Posts: 217
Location: Inside your head

PostPosted: Thu Nov 04, 2010 11:14 am    Post subject: Reply with quote

Quote:
At this time, we are aware of targeted attacks attempting to use this vulnerability.


MS might want to check for a typo or two. At least, I hope that's a typo...then again, they might as well leave it.

(not sure whether to laugh or cry!)
_________________
- Datababe
Until you spread your wings, you'll have no idea how far you can walk.
http://redoakranch.x10hosting.com
http://datababe007.blogspot.com
Back to top
View user's profile Send private message Visit poster's website
suzi
Site Admin


Joined: 27 Jul 2003
Last Visit: 21 Aug 2014
Posts: 10323
Location: sunny California

PostPosted: Fri Nov 05, 2010 7:21 am    Post subject: Reply with quote

They are probably right and I'm wrong.
_________________
Former Microsoft MVP 2005-2009, Consumer Security
Please do not PM or Email me for personal support. Post in the Forums instead and we will all learn. Smile
Back to top
View user's profile Send private message Visit poster's website
datababe
Warrior


Joined: 13 Dec 2004
Last Visit: 10 Oct 2012
Posts: 217
Location: Inside your head

PostPosted: Wed Nov 17, 2010 7:48 am    Post subject: Reply with quote

If so, they should be wishing they aren't and you are. Wink Rolling Eyes
_________________
- Datababe
Until you spread your wings, you'll have no idea how far you can walk.
http://redoakranch.x10hosting.com
http://datababe007.blogspot.com
Back to top
View user's profile Send private message Visit poster's website
Display posts from previous:   
Post new topic   Reply to topic    Spyware Warrior Forum Index -> Security Notices & News All times are GMT - 8 Hours
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum



smartBlue Style © 2002 Smartor
Powered by phpBB © 2001, 2002 phpBB Group