Homeland Security: Internet Explorer Vulnerability


#1

It is HIGHLY recommended users Disable Flash plugin or use an alternative browser.

SAN FRANCISCO – The U.S. Department of Homeland security is advising Americans not to use the Internet Explorer web browser until a fix is found for a serious security flaw that came to light over the weekend.

The bug was announced on Saturday by FireEye Research Labs, an internet security software company based in Milpitas, Calif.
“We are currently unaware of a practical solution to this problem,” the Department of Homeland Security’s United States Computer Emergency Readiness Team said in a post Monday morning.

It recommended that users and administrators “consider employing an alternative web browser until an official update is available.”
Because the hack uses a corrupted Adobe Flash file to attack the victim’s computer, users can avoid it by turning off Adobe Flash.

“The attack will not work without Adobe Flash,” FireEye said. “Disabling the Flash plugin within IE will prevent the exploit from functioning.”

FireEye said that the hackers exploiting the bug are calling their campaign “Operational Clandestine Fox.”

usatoday.com/story/tech/2014/04/28/internet-explorer-bug-homeland-security-clandestine-fox/8409857/

US-CERT is aware of active exploitation of a use-after-free vulnerability in Microsoft Internet Explorer. This vulnerability affects IE versions 6 through 11 and could lead to the complete compromise of an affected system.

US-CERT recommends that users and administrators enable Microsoft EMET where possible and consider employing an alternative web browser until an official update is available.

www.us-cert.gov/ncas/current-activity/2014/04/28/Microsoft-Internet-Explorer-Use-After-Free-Vulnerability-Being

Some alternative browsers --> Opera or Google chrome.


#2

Adobe has released new versions of Flash Player for Windows, Mac and Linux, to address the vulnerability that is being exploited .

helpx.adobe.com/security/products/flash-player/apsb14-13.html


#3

You mean IE wasn’t a virus-ridden computer deathtrap already? I’ve been using Firefox for years.


#4

Actually, that would be Java…


#5

Have you heard about the browser hacker competitions they do? Basically, each year they get people together to test out the latest iterations of various browsers. The goal is essentially break the browser so you can access personal information in some way (finding exploits). I.E. is pretty much always one of the first to go down, firefox is pretty high up there, but currently I believe that Chrome is the top rated among the non-security driven browsers (ones that one don’t maintain any kind of information or imprint on a machine).


#6

There was a good article about this on today’s www.Komando.com website. Kim Komando is a digital whiz and writes and comments on all things digital.:thumbsup:


#7

Vulnerabilities in software is certainly not just a Microsoft problem.

All told, Secunia detected 9,776 vulnerabilities among 2,503 products from 421 vendors, representing a 15 percent increase in overall vulnerabilities over the past five years. In that same period, the number of vulnerabilities discovered in the 50 most popular PC programs increased by 98 percent.

Among the 18 most common non-Microsoft products, Secunia counted 291 vulnerabilities in Chrome, 257 in Firefox, and 243 in iTunes. Adobe Flash Player accounted for 67 vulnerabilities, Oracle Java JRE SE had 66, and Adobe AIR suffered 56. Adobe Reader and Apple QuickTime also made the list with 43 and 29 vulnerabilities respectively.

As for Microsoft products, Windows 7 proved most vulnerable with 50. Internet Explorer had 41, and the .Net Framework had 14. Excel had 10, Visio Viewer had seven, Silverlight had five, Word had three, and Microsoft MSXML had one.


Most of the vulnerabilities detected in the top 50 most popular programs were rated either Highly Critical (78.8 percent) or Extremely Critical (5.3 percent), according to the report. Only eight of the top 50 were zero-day vulnerabilities, compared with 12 in 2010 and 14 in 2011.


"This means that it is possible to remediate the majority of vulnerabilities. There is no excuse for not patching.

www.infoworld.com/t/security/google-mozilla-and-apple-made-the-most-vulnerable-software-of-2012-214591


#8

Niagara Gazette:

Another reason to quit Internet Explorer

NEW YORK — On Saturday Microsoft posted a security advisory about a vulnerability that affects all versions of Internet Explorer from 6 to 11. Together, these versions comprise more than 56 percent of Internet browser market share. That’s a lot of copies of vulnerable browsers.
The weakness could allow a hacker to distort what a given user’s browser displays to trick him into clicking on a false link. This could then give the hacker control over his computer.

Microsoft said in its post that the company “is aware of limited, targeted attacks” exploiting the flaw. And FireEye, the cybersecurity company that found the weakness and sent it to Microsoft, reports that hackers are especially going after IE versions 9, 10, and 11 through the Adobe Flash plugin. Though that’s a slightly smaller window, those three versions still represent almost 32 percent of total browser market share.

Internet Explorer has a 56% market share – on what planet? Does anyone here use it?


#9

I do…

It drives my son nuts and annoys the tech chaps who service our PC but I just hate the colours on Chrome. :smiley:

Meh… I just use the PC for CAF, Pinterest and to search up recipes. Maybe I’ll be their very last customer?


#10

DISCLAIMER: The views and opinions expressed in these forums do not necessarily reflect those of Catholic Answers. For official apologetics resources please visit www.catholic.com.