Guru3D.com
  • HOME
  • NEWS
    • Channels
    • Archive
  • DOWNLOADS
    • New Downloads
    • Categories
    • Archive
  • GAME REVIEWS
  • ARTICLES
    • Rig of the Month
    • Join ROTM
    • PC Buyers Guide
    • Guru3D VGA Charts
    • Editorials
    • Dated content
  • HARDWARE REVIEWS
    • Videocards
    • Processors
    • Audio
    • Motherboards
    • Memory and Flash
    • SSD Storage
    • Chassis
    • Media Players
    • Power Supply
    • Laptop and Mobile
    • Smartphone
    • Networking
    • Keyboard Mouse
    • Cooling
    • Search articles
    • Knowledgebase
    • More Categories
  • FORUMS
  • NEWSLETTER
  • CONTACT

New Reviews
ASRock Z590 Extreme review
Gigabyte Radeon RX 6700 XT Gaming OC review
Corsair K70 RGB TKL keyboard review
Corsair RM650x (2021) power supply review
be quiet! Silent Loop 2 280mm review
Corsair K55 RGB PRO XT keyboard review
Guru3D Rig of the Month - March 2021
Intel Core i9-11900K processor review
Intel Core i5-11600K processor review
ASUS ROG Maximus XIII HERO review

New Downloads
Guru3D RTSS Rivatuner Statistics Server Download 7.3.2 Beta 2
MSI Afterburner 4.6.4 Beta 2 Download
HWiNFO Download v7.02
Intel HD graphics Driver Download Version: DCH 27.20.100.9316
Corsair Utility Engine Download (iCUE) Download v4.9.350
Quake II RTX Download 1.5.0
GeForce 465.89 WHQL driver download
AIDA64 Download Version 6.33
AMD Radeon Adrenalin Edition 21.3.2 driver download
Display Driver Uninstaller Download version 18.0.3.8


New Forum Topics
PC sales have risen significantly in Q1 of 2021, despite all shortages Asus to release resizable BAR update for Z370 and Z390 motherboards in May MSI To release two super fast NVMe SSDs - Gen 4x4 and Read and Writes up-to 7000 MB/s Review: ASRock Z590 Extreme AMD Radeon Software - UWP - v27.20.21001.7005 Resizeable BAR support issues NVidia Anti-Aliasing Guide (updated) Review: XFX Radeon RX 6700 XT MERC 319 AMD PCI Express (3GIO) Filter and PCI Bus Driver requires manually updating. AMD Radeon Adrenalin Edition 21.3.2 driver download & discussion




Guru3D.com » News » Microsoft confirms exploit in Internet Explorer 8

Microsoft confirms exploit in Internet Explorer 8

by Hilbert Hagedoorn on: 05/06/2013 08:28 AM | source: | 22 comment(s)
Microsoft confirms exploit in Internet Explorer 8

Microsoft's Security blog states the exploit could in theory be used to allow for a "remote code execution if users browse to a malicious website with an affected browser." Computerworld.com reports that the issue was first identified by the security firm Invincea and has already been used by hackers in attacks directed against the U.S. Department of Labor and U.S. Department of Energy. Microsoft is working to create a patch for IE8 that will close this exploit. 

If users don't wish to upgrade their browsers, Microsoft says some workarounds might help stop the issue. One is to set Internet and local intranet security zone settings to high, and the other is to set up IE8 to prompt users before running any Active Script type of program or to simply disable Active Scripting entirely.

Today, we released Security Advisory 2847140 regarding an issue that impacts Internet Explorer 8. Internet Explorer 6, 7, 9 and 10 are not affected by the vulnerability. This issue allows remote code execution if users browse to a malicious website with an affected browser. This would typically occur by an attacker convincing someone to click a link in an email or instant message.

Internet Explorer 9 and 10 are not affected by this issue, so upgrading to these versions will help protect you from this issue.

While we are actively working to develop a security update to address this issue, we encourage customers using affected versions of Internet Explorer to deploy the following workarounds and mitigations included in the advisory to help protect themselves:

  • Set Internet and local intranet security zone settings to "High" to block ActiveX Controls and Active Scripting in these zones
    This will help prevent exploitation but may affect usability; therefore, trusted sites should be added to the Internet Explorer Trusted Sites zone to minimize disruption.
  • Configure Internet Explorer to prompt before running Active Scripting or to disable Active Scripting in the Internet and local intranet security zones
    This will help prevent exploitation but can affect usability, so trusted sites should be added to the Internet Explorer Trusted Sites zone to minimize disruption.

We also always encourage people to follow the "Protect Your Computer" guidance of enabling a firewall, applying all software updates and installing anti-virus and anti-spyware software. We also encourage folks to exercise caution when visiting websites and avoid clicking suspicious links, or opening email messages from unfamiliar senders. Additional information can be found at www.microsoft.com/protect.

We are monitoring the threat landscape very closely and will continue to take appropriate action to help protect customers.

Thank you,
Dustin Childs
Group Manager, Response Communications







« Splinter Cell: Blacklist Spies vs. Mercs Trailer · Microsoft confirms exploit in Internet Explorer 8 · Acer Aspire R7 notebook has Ezel Hinge »

Related Stories

Microsoft IllumiRoom preview for next-generation Xbox - 05/01/2013 07:49 AM
Microsoft has remained fairly quiet about its next-generation Xbox plans and IllumiRoom. Microsoft's Eric Rudder and the Xbox team were quick to stress it's simply a proof-of-concept project, but t...

Microsoft reveals new Xbox on May 21st - 04/26/2013 07:22 AM
Microsoft send out press invitations for a special event on May 21st that will mark the unveiling of the next-generation Xbox console. Not all details about the console will be revealed at this event ...

Microsoft's next Xbox will get hdmi input - 04/11/2013 08:26 AM
And that HDMI input is to be used for a settopbox. Multiple sources familiar with the company's Xbox plans have revealed to that Microsoft will introduce a feature that lets its next-generation con...

Microsoft to drop Windows RT brandname - 03/29/2013 08:59 AM
DigiTimes writes Microsoft will no longer launch products under its Windows RT brand. Instead, the software giant will merge the product into its next Windows release, codenamed Blue. Although the PC...

Linux users file EU complaint against Microsoft - 03/28/2013 08:41 AM
The 8,000-member Hispalinux, which represents users and developers of the Linux operating system in Spain, said Microsoft had made it difficult for users of computers sold with its Windows 8 platform ...


5 pages 1 2 3 4 5


rl66
Senior Member



Posts: 2819
Joined: 2007-05-31

#4591007 Posted on: 05/06/2013 01:12 PM
is there people still using IE8?
*trolling*

RagDoll_Effect
Senior Member



Posts: 4507
Joined: 2003-09-13

#4591030 Posted on: 05/06/2013 01:44 PM
Microsoft's Security blog states the exploit could in theory be used to allow for a "remote code execution if users browse to a malicious website with an affected browser." Computerworld....

Microsoft confirms exploit in Internet Explorer 8

Using IE9 here...

k1net1cs
Senior Member



Posts: 3783
Joined: 2010-11-14

#4591045 Posted on: 05/06/2013 02:16 PM
So, it mainly affects WinXP users.
I can almost hear IT Support banging their heads against the helpdesks in offices everywhere.

kanej2007
Senior Member



Posts: 8394
Joined: 2007-08-07

#4591080 Posted on: 05/06/2013 03:02 PM
is there people still using IE8?
*trolling*

This, lol. Using neither IE8 or 9. Currently a proud user of Firefox. :P

TheDeeGee
Senior Member



Posts: 7034
Joined: 2010-08-28

#4591177 Posted on: 05/06/2013 05:44 PM
This, lol. Using neither IE8 or 9. Currently a proud user of Firefox. :P


Did try FF for a while, but got tired of having to install a new version every day.

5 pages 1 2 3 4 5


Post New Comment
Click here to post a comment for this news story on the message forum.


Guru3D.com © 2021