MSUNAG Archives

MSUNAG Archives


View:

Next Message | Previous Message
Next in Topic | Previous in Topic
Next by Same Author | Previous by Same Author
Chronologically | Most Recent First
Proportional Font | Monospaced Font

Options:

Join or Leave MSUNAG
Reply | Post New Message
Search Archives


Subject: Re: IE Zero Day Vulnerability
From: David Graff <[log in to unmask]>
Reply-To:David Graff <[log in to unmask]>
Date:Tue, 29 Apr 2014 11:29:07 -0400
Content-Type:text/plain
Parts/Attachments:
Parts/Attachments

text/plain (28 lines)


I agree that this is sensationalist. We have arbitrary code execution
vulnerabilities against Flash, Acrobat, and Java all the time and those have
active user bases on par with IE these days. What's one more way to
infiltrate an XP system?

But, if you're looking for mitigation against unpatched buffer overrun
attacks Windows, its worth installing the EMET package from Microsoft and
accepting the default config which will run DEP and SEHOP in opt-out mode.

http://www.microsoft.com/en-us/download/details.aspx?id=41138

Hopefully the IE sandboxing that UAC creates is also containing this attack
for anything running Vista and newer.

On Mon, 28 Apr 2014 14:41:39 -0400, David McFarlane <[log in to unmask]> wrote:

>Yet another (less alarmist) perspective on
>this:
>http://steve.grc.com/2014/04/28/a-quick-mitigation-for-internet-explorers-new-0-day-vulnerability
>
>-- dkm  "What, me worry?"
>
>
>At 4/28/2014 08:57 AM Monday, Murray, Troy wrote:
>>Zero-day exploit in every version of Internet Explorer discovered
>>late yesterday, and XP won't be patched when a fix is released.
>>
>><http://gizmodo.com/new-vulnerability-found-in-every-single-version-of-inte-1568383903/+whitsongordon?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+lifehacker%2Ffull+%28Lifehacker%29>http://gizmodo.com/new-vulnerability-found-in-every-single-version-of-inte-1568383903/

Back to: Top of Message | Previous Page | Main MSUNAG Page

Permalink



LIST.MSU.EDU

CataList Email List Search Powered by the LISTSERV Email List Manager