 |
 |
I agree that this is sensationalist. We have arbitrary code execution vulnerabilities against Flash, Acrobat, and Java all the time and those have active user bases on par with IE these days. What's one more way to infiltrate an XP system? But, if you're looking for mitigation against unpatched buffer overrun attacks Windows, its worth installing the EMET package from Microsoft and accepting the default config which will run DEP and SEHOP in opt-out mode. http://www.microsoft.com/en-us/download/details.aspx?id=41138 Hopefully the IE sandboxing that UAC creates is also containing this attack for anything running Vista and newer. On Mon, 28 Apr 2014 14:41:39 -0400, David McFarlane <[log in to unmask]> wrote: >Yet another (less alarmist) perspective on >this: >http://steve.grc.com/2014/04/28/a-quick-mitigation-for-internet-explorers-new-0-day-vulnerability > >-- dkm "What, me worry?" > > >At 4/28/2014 08:57 AM Monday, Murray, Troy wrote: >>Zero-day exploit in every version of Internet Explorer discovered >>late yesterday, and XP won't be patched when a fix is released. >> >><http://gizmodo.com/new-vulnerability-found-in-every-single-version-of-inte-1568383903/+whitsongordon?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+lifehacker%2Ffull+%28Lifehacker%29>http://gizmodo.com/new-vulnerability-found-in-every-single-version-of-inte-1568383903/