Microsoft IE Has Serious Flaw, Someone Has Been Exploiting it for a Year

Tagged: Internet Explorer, Microsoft, Microsoft Windows XP, Software
Source: Daily Tech - Read the full article
Posted: 19 weeks 5 days ago

"No fix will come for most Windows XP users. Microsoft Corp. (MSFT) issued a security advisory and threat database entry this week after a flaw was discovered that affected virtually every active version of Internet Explorer (IE), from IE6 to the latest and greatest IE 11..."

 

Comments

Razear
Razear's picture
Offline
Joined: 12/30/2008
Posts: 1116

Another reason to jump onto the Firefox/Chrome bandwagon for those who haven't done so already.

Tivon
Tivon's picture
Offline
Joined: 04/26/2002
Posts: 1877

Maybe posted too soon, because Tomsguide posted this bit of information today..

http://www.tomsguide.com/us/internet-explorer-flaw-patched-xp,news-18721.html

"Not only did Microsoft issue today's patch outside of its usual "Patch Tuesday" cycle, which sees new updates on the first Tuesday of each month, but the company surprised digital-security experts and IT personnel by fixing the flaw in Windows XP, which it had ostensibly stopped patching after the latest Patch Tuesday on April 8.

That's excellent news for the owners of the roughly 20-30 percent of computers worldwide still running Windows XP, or at least that fraction that regularly installs security updates. However, to avoid attacks using this flaw, Windows users needed only to use any browser other than Internet Explorer.

Still, Windows XP users shouldn't expect future patches."

° º ¤ ø . ¸ . ø ¤ º ° º ¤ ø . ¸ ¸ . ø ¤ º ° º ¤ ø . ¸ . ø ¤ º ° º ¤ ø . ¸

Don't test my skills, I was trained by myself! Check out my Gaming Videos!

Tivon
Tivon's picture
Offline
Joined: 04/26/2002
Posts: 1877

Does this spell the end of XP? The proverbial nail in the coffin..

"VML should be disconnected as quickly as possible, and it probably doesn't make any sense to ever reconnect it," Wolfgang Kandek, CTO of Qualys, told the E-Commerce Times.

That can be done by running from the command line in Windows: regsvr32 -u "%CommonProgramFiles%\Microsoft Shared\VGX\vgx.dll."

Unlike some of the other measures recommended by Microsoft, disabling the VGX library will have a minimal impact on a Web-surfing experience.

"It only affects you if you go to a page with VML on it," Kandek said, "and those pages are hard to find."

- http://www.technewsworld.com/story/80369.html