I agree that this is sensationalist. We have arbitrary code execution
vulnerabilities against Flash, Acrobat, and Java all the time and those have
active user bases on par with IE these days. What's one more way to
infiltrate an XP system?
But, if you're looking for mitigation against unpatched buffer overrun
attacks on Windows, it's worth installing the EMET package from Microsoft and
accepting the default config, which will run DEP and SEHOP in opt-out mode.
http://www.microsoft.com/en-us/download/details.aspx?id=41138
Hopefully the IE sandboxing that UAC creates is also containing this attack
for anything running Vista and newer.
On Mon, 28 Apr 2014 14:41:39 -0400, David McFarlane wrote:
>Yet another (less alarmist) perspective on
>this:
>http://steve.grc.com/2014/04/28/a-quick-mitigation-for-internet-explorers-new-0-day-vulnerability
>
>-- dkm "What, me worry?"
>
>
>At 4/28/2014 08:57 AM Monday, Murray, Troy wrote:
>>Zero-day exploit in every version of Internet Explorer discovered
>>late yesterday, and XP won't be patched when a fix is released.
>>
>>http://gizmodo.com/new-vulnerability-found-in-every-single-version-of-inte-1568383903/