Zero-day vulnerability in Internet Explorer

dogmaryxx

Applies to Windows XP, IE6, IE7 and IE8

Deregistering the vulnerable DLL file worked fine.

http://news.softpedia.com/news/First-Post-Death-Windows-XP-Vulnerability-Already-Found-439562.shtml

OnAndUp

Thanks

Do they mean this is only an issue if you use IE - I don't. Or still a problem if you have it installed so best to do the mentioned fix?

colin79666

Only an issue if you use IE. However many people still have it as their default browser, even if using another browser for day to day activity. This means that clicking a link in say a phishing email would launch IE and the machine gets pwned. No harm really in unregistering the DLL, practically no website legitimately uses VML.

Some sane advice here: http://steve.grc.com/2014/04/28/a-quick-mitigation-for-internet-explorers-new-0-day-vulnerability/

joe134

colin79666 wrote: »

Only an issue if you use IE. However many people still have it as their default browser, even if using another browser for day to day activity. This means that clicking a link in say a phishing email would launch IE and the machine gets pwned. No harm really in unregistering the DLL, practically no website legitimately uses VML.

Some sane advice here: http://steve.grc.com/2014/04/28/a-quick-mitigation-for-internet-explorers-new-0-day-vulnerability/

Hi, as versions 10 and 11 are not affected by this,which I have installed, why not instal these, if you like IE.
I use AOL browser, purely as it's my ISP,simple, and e-mails are easier,BUT, it piggy backs IE, which, I dislike to use.I know it's disliked on here, clogs the system, but I fing it as quick as Chrome, or Firefox personal choice
Use Chrome too,

giraffe69

Hi, as versions 10 and 11 are not affected by this,which I have installed, why not instal these, if you like IE.

If you are still using XP the IE10 and 11 won't work. IE8 is the last version that was supported (no more, of course)

Oblivion

It seems that Microsoft have put their hands up to another flaw affecting IE 6 to 11 now!


http://www.bbc.co.uk/news/technology-27184188

grumpycrab

Oblivion wrote: »

It seems that Microsoft have put their hands up to another flaw affecting IE 6 to 11 now!


http://www.bbc.co.uk/news/technology-27184188

Same thing. The later versions of IE are already fixed.

Oblivion

grumpycrab wrote: »

Same thing. The later versions of IE are already fixed.

Are you sure? The Microsoft advisory was only published on 26th April. I've just checked and there haven't been any updates issued since then.


https://technet.microsoft.com/en-US/library/security/2963983

grumpycrab

I think its the same one (VGX.dll). IE 10 and 11 were already protected (at least under Windows 8 and 8.1).

joe134

giraffe69 wrote: »

If you are still using XP the IE10 and 11 won't work. IE8 is the last version that was supported (no more, of course)

Hi G, I use windows 7, and IE 10, and still cannot fathom out if these are affected, reading the last 2 posts.
Very vague.

OneADay

joe134 wrote: »

Hi G, I use windows 7, and IE 10, and still cannot fathom out if these are affected, reading the last 2 posts.
Very vague.

It affects all versions of Windows I think - except those running in restricted mode, Windows Server 2008 etc.

Disabling flash plugin is the fix for now. If you have XP, well use a different browser.

http://www.informationweek.com/software/operating-systems/microsoft-no-ie-patch-for-windows-xp/d/d-id/1234903