MSUNAG Archives

MSUNAG Archives


Next Message | Previous Message
Next in Topic | Previous in Topic
Next by Same Author | Previous by Same Author
Chronologically | Most Recent First
Proportional Font | Monospaced Font


Join or Leave MSUNAG
Reply | Post New Message
Search Archives

Subject: Re: IE Zero Day Vulnerability
From: David Graff <[log in to unmask]>
Reply-To:David Graff <[log in to unmask]>
Date:Tue, 29 Apr 2014 11:29:07 -0400

text/plain (28 lines)

I agree that this is sensationalist. We have arbitrary code execution
vulnerabilities against Flash, Acrobat, and Java all the time and those have
active user bases on par with IE these days. What's one more way to
infiltrate an XP system?

But, if you're looking for mitigation against unpatched buffer overrun
attacks Windows, its worth installing the EMET package from Microsoft and
accepting the default config which will run DEP and SEHOP in opt-out mode.

Hopefully the IE sandboxing that UAC creates is also containing this attack
for anything running Vista and newer.

On Mon, 28 Apr 2014 14:41:39 -0400, David McFarlane <[log in to unmask]> wrote:

>Yet another (less alarmist) perspective on
>-- dkm  "What, me worry?"
>At 4/28/2014 08:57 AM Monday, Murray, Troy wrote:
>>Zero-day exploit in every version of Internet Explorer discovered
>>late yesterday, and XP won't be patched when a fix is released.

Back to: Top of Message | Previous Page | Main MSUNAG Page



CataList Email List Search Powered by the LISTSERV Email List Manager