Jump to content

Mass hysteria on the interwebs!


Guest

Recommended Posts

OMG! It's the XP Armageddon come to fruition! I've been reading with joy since yesterday all across Twittersphere and respectable publications about how yesterdays zero-day IE vulnerability has XP users scre*ed for life.

Silly peeps. Just read the dam* advisory and unregister vgx.dll or run EMET or disable Flash or update to the patched Flashed(Not 100% sure on this option) released today. Besides, the current attacks are being perpetrated against Vista, Windows 7 and Windows 8/8.1. NOT XP!

:puke:

EDIT: Forgot to add: See for yourselves #XP #WindowsXP. Time limited links.

Edited by -X-
Link to comment
Share on other sites


I've seen no hysteria whatsoever around the places I use to visit on the 'net.

That must be a twitter/facebook phenomenon, as is usual, of late...

Now:

MS Security Advisory 2963983
"Vulnerability in IE Could Allow Remote Code Execution"
Published: April 26, 2014

IMO, MS already knew this and delayed the advisory to some days after their cherished EoS date, just to add to their FUD.

Deregister vgx.dll for now... an unofficial patch of reliable source will soon be available, I'm sure.

What's this "flashed" fix you mentioned? Is there an unofficial patch already available? If so, where?

Link to comment
Share on other sites

Same here, I heard or read nothing about this until -X- posted about it. I don't do twitter/facebook so I guess I'm screwed for the future!

Anyway, on one of the links that -X- posted there is a link to this article dated April 28th Monday. It seems to be the same old thing ... being careful of strange links and e-mails and I suppose use another browser ... I was using IE8 only for monthly updates, so it sits dormant most of the time.

From the article: "It is unknown whether Microsoft will backtrack on its support withdrawal to fix the security hole in Internet Explorer on Windows XP."

Ditch Internet Explorer on XP, Security Experts Warn

More than half of all internet users are vulnerable to a serious security bug that means Windows XP is vulnerable to hackers.

http://www.theguardian.com/technology/2014/apr/28/internet-explorer-xp-security-experts-warn

Serious security vulnerability could allow hackers to take control of a Windows computer through Internet Explorer, from version IE6 onwards.

Security experts have urged Windows XP users to change browsers owing to a serious bug in Microsoft’s Internet Explorer that could threaten over half of all internet users.

The vulnerability is actively being exploited by hackers, Microsoft has warned, and every active version of Internet Explorer is at risk, including IE 6 to IE 11, Windows XP and Windows RT. The bug could allow hackers to gain access to and hijack a Windows computer, including personal data.

Microsoft warned that it was “aware of limited, targeted attacks” currently under way using the security hole in Internet Explorer, which is used by over 55% of internet users globally, according to the latest data from research firm Netmarketshare.

'Appropriate action to protect our customers'

Microsoft issued security advice over the weekend, saying it was investigating the flaw and will take “appropriate action to protect our customers”, including patching the security hole, originally found by security company FireEye.

The flaw affects users of Internet Explorer on multiple Windows software versions, including Windows Vista, 7 and the latest Windows 8. But the biggest threat is posed to the 13-year-old Windows XP, which Microsoft recently withdrew support for and is still used on an estimated 430m computers globally.

It is unknown whether Microsoft will backtrack on its support withdrawal to fix the security hole in Internet Explorer on Windows XP.

'Don’t panic'

“Windows XP users shouldn’t panic, but should certainly be aware of the risk and if at all possible switch to an alternative browser,” Rik Ferguson, vice president of security research at Trend Micro, told the Guardian. “If you aren't going to be switching your operating system any time soon, it would be a good idea to make a permanent switch to another browser. That would make the web-facing portion of your browsing activities one that will be actively updated.”

Warnings over an “XPocalypse”, where a flood of security holes were expected once Microsoft’s security support of Windows XP stopped on 8 April, seem to have been overblown but the risk of using a system that is not updated is still real.

“The fact that we’re seeing a vulnerability that affects Windows XP this soon after support has ended indicates that we’re going to see a trickle of security flaws instead, but a strong trickle at that. Criminals and nation states may well have a stock pile of these bugs but they are very unlikely to unleash them in one go,” Ferguson said.

Take complete control

Microsoft’s security note explained that hackers looking to take advantage of the bug to take complete control of a user’s computer via Internet Explorer would require users to view a “specially crafted website”.

Microsoft advised users to be careful about clicking on suspicious links that could take them to the hacker’s site when browsing, emailing or chatting via instant messenger. The company also explained a series of work arounds that could help protect users, which include installing a Microsoft tool kit that enhances the security of Internet Explorer.

“We encourage customers to follow the suggested mitigations outlined in the security advisory while an update is finalised,” a Microsoft spokesperson told the Guardian.

Edited by monroe
Link to comment
Share on other sites

Finding more links in those twitter postings ... this one is dated April 27th

This is from the article and it does not mention IE 8, so I don't know.

"Security firm FireEye, which revealed the flaw to Microsoft, says that there's evidence of an active exploit targeting Internet Explorer 9 through 11 and Adobe Flash. All Internet Explorer users, regardless of operating system, have a few choices for avoiding this exploit. The easiest method is to use another browser, like Chrome or Firefox (both of which are currently still supported for Windows XP). If you need to stick with Internet Explorer, Microsoft has published some more advanced methods alongside its service advisory, including enabling Enhanced Protected Mode. Regardless of what you do, it's a good a idea to take some action to make sure you're safe from the exploit."

Security flaw puts all Internet Explorer users at risk, exposes Windows XP

April 27, 2014

http://www.theverge.com/2014/4/27/5659006/internet-explore-zero-day-security-flaw-affects-all-versions

Link to comment
Share on other sites

XP Users Permanently Vulnerable to New Internet Explorer Exploit

Don't say we didn't warn you. Microsoft ended support for Windows XP earlier this month, meaning any new security holes won't be patched. Well, they've found one, and it's a doozy. Affecting Internet Explorer versions from 6.0 through 11, this bug lets the bad guys execute arbitrary code on your system. As soon as you visit a gimmicked website, you're pwned. Other Windows versions will get patched, but not XP.

http://www.securitywatch.pcmag.com/hacking/323081-xp-users-permanently-vulnerable-to-new-exploit

Edited by -X-
Link to comment
Share on other sites

Here's one more. There's more but don't feel like looking right now.

Serious Internet Explorer flaw puts XP users especially at risk

We hope that you heeded our advice to finally ditch Windows XP in favor of a more modern operating system, because there's a new security exploit that'll leave stubborn XP users in the cold. In a security alert released on Saturday, Microsoft reports that there's a serious vulnerability in Internet Explorer 6 through 11 that could allow hackers to take over your computer remotely if you happen to visit a malicious website. According to security firm FireEye, it has already found evidence of an attack that targets IE 9 through 11 that uses a well-known Flash exploitation technique to gain access to your computer's memory. Microsoft has already said it plans to roll out an IE security update for all modern versions of Windows, but if you're using XP, well, you're out of luck, as support for that 12-year-old OS ended a few weeks ago.

http://www.engadget.com/2014/04/27/internet-explorer-security-exploit/

Edited by -X-
Link to comment
Share on other sites

What all the panicked chicken-littles' are missing is that, as of right now ALL versions of IE on ALL OS are affected. One article states that the Department of Homeland Security is reccomending that people stop using any version of IE. I'm sure that MS knew of this before April 8 and is going to use this to scare as many off XP as possible.

I also see some of the column writers are asking "would MS produce an XP patch for this?" Stupids! MS will be providing an XP patch for the governments etc. who are paying for the pricey post April 8 "custom support".

Also interesting to read associated articles about the MSE debacle where the April 15 update of MSE crashed some XP computers and left them unbootable. The only solution at the time was to uninstall MSE. While MS did release a corrected file in a few days, those compnies who now tried to reinstall MSE received error messages, stataing that XP was now an unsupported OS!

Between the two issues, it seems as if MS will be using whatever dirty tricks it can conjure up, to force as many as possible off of XP. The warning messages of XP demise delivered via Windows Update and offers of $100 off a new Win 8 PC didn't have the desired effect. MS is going to start playing hardball now.

Edited by the xt guy
Link to comment
Share on other sites

Two places -

http://www.msfn.org/_/software/vulnerability-in-internet-explorer-could-allow-remote-code-execution-r9011

http://www.msfn.org/_/software/internet-explorer-exploit-leaves-xp-users-high-and-dry-r9012

And as I noted in the last link I provided - WOW! Note the links I gave within - the intended target (an assumption on their part?) is NOT "consumers". The Vulnerability is ONLY if you're downright STUPID and click a link to ANYWHERE! I wonder what Malware Defender softwares will do about it (or CAN do)?

Funny that this came out AFTER XP was EOS. "QUICK! Dump XP NOW! Disregard the fact that the Marketshare is HIGH! DUMP IT!" FUD galore...

edit (@xt guy) -

You mean these about MSE?

http://www.msfn.org/board/topic/171498-need-microsoft-security-essentials-grab-it-now/

http://www.msfn.org/board/topic/171659-bug-in-microsoft-security-essentials-downs-windows-xp-machines/

--- These MS "treats" keep coming and coming. :w00t:

Edited by submix8c
Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...