Forum Thread: Microsoft plasters IE8 hole abused in nuke lab PC meltdown

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
Open Discussions

This thread has been marked as resolved.
mogs Microsoft plasters IE8 hole abused in nuke lab PC meltdown
Member 9th May, 2013 17:25
Ranking:
Posts: 6,279
User Since: 22nd Apr, 2009
System Score: N/A
Location: UK


--

Post "RE: Microsoft plasters IE8 hole abused in nuke lab PC meltdown" has been selected as an answer.
Maurice Joyce RE: Microsoft plasters IE8 hole abused in nuke lab PC meltdown
Handling Contributor 9th May, 2013 17:51
Score: 12072
Posts: 9,340
User Since: 4th Jan 2009
System Score: N/A
Location: UK
A long way behind the official notifications available.

The Secunia advisory dated 5th May 2013 is here: https://secunia.com/advisories/53314/

The Microsoft information release dated was 3rd May & updated on the 8th May which gives all the information required to mitigate the reported vulnerability is here: http://technet.microsoft.com/en-us/security/adviso...

The shortcut to the fix-it is here. http://support.microsoft.com/kb/2847140

--
Maurice

Microsoft Surface 4 Intel i7 64Bit
Windows 10 Pro
16 GB RAM
IE & Edge Only
Was this reply relevant?
+2
-0
ddmarshall RE: Microsoft plasters IE8 hole abused in nuke lab PC meltdown
Dedicated Contributor 9th May, 2013 18:20
Score: 1250
Posts: 992
User Since: 8th Nov 2008
System Score: 98%
Location: UK
Microsoft is withholding details on what the Fix It actually does

Not true actually. The details, including the code, are here: http://blogs.technet.com/b/srd/archive/2013/05/08/...

--
Was this reply relevant?
+2
-0
joe schmoe RE: Microsoft plasters IE8 hole abused in nuke lab PC meltdown
Member 9th May, 2013 21:30
Score: 41
Posts: 144
User Since: 26th Nov 2008
System Score: 100%
Location: US
Last edited on 9th May, 2013 21:38
Using IE8 without the fix-it patch is at your own risk.

If you are running any version of XP, you cannot upgrade to a higher version of IE; IE8 is the max level available. Vista can go to IE9, Win 7 & Win 8 can go to IE10.

Reason this fix-it is so critical, is because, unlike other alternative browsers available, all versions of IE are tightly integrated with the operating system you use. Any damage here will affect the proper operation of a Microsoft operating system.

Alternative is to use Firefox, Chrome, Opera, etc., until the fix is made permanent; likely to occur on this upcoming Microsoft Tuesday.

[EDIT:] Note that uninstalling the emergency fix-it before you update at Windows Update on Tuesday is recommended by Microsoft.

--
XP Pro SP3 P4 3.2 HT 2 GB RAM Avast! 9.0.2018 AIS
Win 7 Home Pro SP1 Pentium D 2.8 3 GB RAM Avast 9.0.2018 AIS
Secunia PSI 2.0.0.3003 XP Pro 32-bit & Win 7 H Pro 64-bit
Was this reply relevant?
+0
-0
mogs RE: Microsoft plasters IE8 hole abused in nuke lab PC meltdown
Member 10th May, 2013 13:22
Score:
Posts: 6,279
User Since: 22nd Apr 2009
System Score: N/A
Location: UK


--
Was this reply relevant?
+0
-0
Maurice Joyce RE: Microsoft plasters IE8 hole abused in nuke lab PC meltdown
Handling Contributor 10th May, 2013 17:58
Score: 12072
Posts: 9,340
User Since: 4th Jan 2009
System Score: N/A
Location: UK
Last edited on 15th May, 2013 09:43
The Microsoft routine release notification for Windows "Patch Tuesday" which gives all the known details is here:

http://technet.microsoft.com/en-us/security/bullet...

EDIT - 15th May.

The patch for this vulnerability has now been released via Windows Update.

Details for those who have installed the Fixit Work around are here:

https://1ncuig.bn1.livefilestore.com/y2pHIkz00Ynum...

The Fixit can remain on a PC but for those who wish to remove it after the patch is successfully applied can use this link to the uninstaller:

http://blogs.technet.com/b/srd/archive/2013/05/08/...






--
Maurice

Microsoft Surface 4 Intel i7 64Bit
Windows 10 Pro
16 GB RAM
IE & Edge Only
Was this reply relevant?
+2
-0

This thread has been marked as locked.