1. Welcome to TechPowerUp Forums, Guest! Please check out our forum guidelines for info related to our community.

Microsoft Acts on MSIE RCE Vulnerability, Issues Hotfix

Discussion in 'News' started by btarunr, Dec 17, 2008.

  1. btarunr

    btarunr Editor & Senior Moderator Staff Member

    Joined:
    Oct 9, 2007
    Messages:
    27,703 (11.60/day)
    Thanks Received:
    13,422
    Location:
    Hyderabad, India
    A major security remote code execution (RCE) vulnerability discovered in the Microsoft Internet Explorer set data security agencies on high alert. Microsoft noted that 1 in every 500 internet users were exposed to the vulnerability through unsafe websites. The exploit allows hackers to remotely execute code over an IE session to gain access to, and comprimise a machine.

    In a security advisory updated today, Microsoft claims to have acted on the vulnerability by issuing a critical security update MS08-078 that went online at 1:00 PM, EST. The hotfix is available for all current versions of the web browser through Microsoft Update.
  2. Castiel

    Castiel

    Joined:
    May 5, 2008
    Messages:
    3,316 (1.52/day)
    Thanks Received:
    310
    Wow.
    Would this be a good suggestion to do since I don't even use IE?
  3. lemonadesoda

    lemonadesoda

    Joined:
    Aug 30, 2006
    Messages:
    6,221 (2.23/day)
    Thanks Received:
    960
    What exactly does 1:500 mean? That's a horrible statistic because it has a lot of assumptions in it, and is a horrible "average" of users and uses.

    For example, it could be that only 1:10 use credit cards on their PC. Does that mean:
    • For those that use CC, the risk is 1:50?
    • And for those that dont, the risk is zero?
    (Just an example)

    Earlier today it warning was for IE7. It seems that it is for all IE, since my update is now offering the following:

    [​IMG]

    It's unusual there is no much noise about a security update. It must be serious.

    EVERYONE do the update!
  4. btarunr

    btarunr Editor & Senior Moderator Staff Member

    Joined:
    Oct 9, 2007
    Messages:
    27,703 (11.60/day)
    Thanks Received:
    13,422
    Location:
    Hyderabad, India
    What was meant was, 1 in every 500 got pwned (exposed to malware/hackers) due to that already.
  5. sneekypeet

    sneekypeet Unpaid Babysitter Staff Member

    Joined:
    Apr 12, 2006
    Messages:
    21,309 (7.26/day)
    Thanks Received:
    5,842
    This really is a fast fix, I only read about it on Yahoo's homepage yesterday. Got it installed on both rigs now.

    Thanks have been added bta!
  6. OnBoard

    OnBoard New Member

    Joined:
    Sep 16, 2006
    Messages:
    3,044 (1.10/day)
    Thanks Received:
    379
    Location:
    Finland
    Hmm, better update then. I wouldn't use IE at all, but my stupid bank doesn't work with firefox.
  7. PVTCaboose1337

    PVTCaboose1337 Graphical Hacker

    Joined:
    Feb 1, 2006
    Messages:
    9,513 (3.17/day)
    Thanks Received:
    1,142
    Location:
    San Antonio, Texas
    I was hearing from my teacher that some major corporations have shut down their internet till everyone installs the hotfix. Pretty serious if you ask me. I assured him it would be ok, and made sure the computers I was working at had the fix, but still, pretty serious.
  8. eidairaman1

    eidairaman1

    Joined:
    Jul 2, 2007
    Messages:
    11,622 (4.67/day)
    Thanks Received:
    1,278
    It is a critical Fix, get it because even tho you dont use IE, you still do when you get Windows Updates, and also this exploit could expand beyond IE and make your Machine susceptible to domination
  9. Haytch

    Haytch New Member

    Joined:
    Apr 7, 2008
    Messages:
    510 (0.23/day)
    Thanks Received:
    28
    Location:
    Australia
    I still remember buying my 1st modem, it was a 2.4Kb swann crap but got me online. In a day and age where monochrome ruled the Earth, a friend foresore Internet banking become popular and usefull. It was that day i decided to never Internet Bank, never have since, and never will.

    Im not saying that anyone that Internet Banks deserves to have all their assets relocated to some foreign country and used for prostitution, i dont know what im saying . . . I think im saying, DONT INTERNET BANK.

    As for the unsafe websites, who said you should click on it . . . . Almost all of my clients admit to having gone to an unsafe website where they obtained a bug or two. They all knew it was unsafe, they all subconciously knew they would be harmed, yet they clicked. I try to educate my clients as much as i can. . . That one must guard him/herself and not await 3rd party software to do it for them.

    The hotfix is more then welcomed. Educating the public is needed.
    Last edited: Dec 18, 2008
  10. FordGT90Concept

    FordGT90Concept "I go fast!1!11!1!"

    Joined:
    Oct 13, 2008
    Messages:
    12,994 (6.44/day)
    Thanks Received:
    3,094
    Location:
    IA, USA
    Windows Update on my server notified me of it. Installing now (hope it doesn't require restart)...
    Crunching for Team TPU
  11. sneekypeet

    sneekypeet Unpaid Babysitter Staff Member

    Joined:
    Apr 12, 2006
    Messages:
    21,309 (7.26/day)
    Thanks Received:
    5,842
    sure does!
  12. FordGT90Concept

    FordGT90Concept "I go fast!1!11!1!"

    Joined:
    Oct 13, 2008
    Messages:
    12,994 (6.44/day)
    Thanks Received:
    3,094
    Location:
    IA, USA
    If you install via IE7 -> Microsoft Update or Windows Update website, you do. If you install via the integrated Windows Update client, you don't. I didn't have to restart the server but I had to restart my desktop. :(
    Crunching for Team TPU
  13. tigger

    tigger I'm the only one

    Joined:
    Mar 20, 2006
    Messages:
    10,087 (3.41/day)
    Thanks Received:
    1,363
    I have vista service pack 2 beta on,do i still need the fix?
  14. FordGT90Concept

    FordGT90Concept "I go fast!1!11!1!"

    Joined:
    Oct 13, 2008
    Messages:
    12,994 (6.44/day)
    Thanks Received:
    3,094
    Location:
    IA, USA
    Yes.
    Crunching for Team TPU
  15. tigger

    tigger I'm the only one

    Joined:
    Mar 20, 2006
    Messages:
    10,087 (3.41/day)
    Thanks Received:
    1,363
    I just checked update and it was there so i have just done it.
  16. Solaris17

    Solaris17 Creator Solaris Utility DVD

    Joined:
    Aug 16, 2005
    Messages:
    16,914 (5.33/day)
    Thanks Received:
    3,429
    Location:
    Florida
    o quite serious i actually was watching the news i think yesterday night and they had a whole thing on it.
  17. Triprift

    Triprift

    Joined:
    Dec 10, 2007
    Messages:
    7,185 (3.09/day)
    Thanks Received:
    915
    Location:
    Adelaide Australia
    Hopefully thats something windows automatic update would of sent havnt havnt any dramas with ie lately.
  18. crazy pyro

    crazy pyro New Member

    Joined:
    Jun 28, 2008
    Messages:
    1,662 (0.78/day)
    Thanks Received:
    125
    Location:
    Newcastle
    I've had no dramas except the usual with IE7 lately, although tbh I only use IE for checking e-mails.
  19. NeSeNVi New Member

    Joined:
    Dec 2, 2008
    Messages:
    93 (0.05/day)
    Thanks Received:
    3
    Totally agreed.
  20. Triprift

    Triprift

    Joined:
    Dec 10, 2007
    Messages:
    7,185 (3.09/day)
    Thanks Received:
    915
    Location:
    Adelaide Australia
    Just got it now through auto update.
  21. csendesmark

    csendesmark

    Joined:
    Mar 11, 2008
    Messages:
    344 (0.15/day)
    Thanks Received:
    24
    I say Ha-Ha if they found ... an other B!G security hole :nutkick:
    I dont use InternetSuxxplorer (and I never did)
    Opera - Firefox - Chrome This 3 browsers are much better than all Trident based crap
  22. Castiel

    Castiel

    Joined:
    May 5, 2008
    Messages:
    3,316 (1.52/day)
    Thanks Received:
    310
    Well for some reason, windows update just popped up and it had the IE7 update. Now when I Installed and restarted for some reason my computer was not laggy anymore, and it was faster than it was.
  23. Triprift

    Triprift

    Joined:
    Dec 10, 2007
    Messages:
    7,185 (3.09/day)
    Thanks Received:
    915
    Location:
    Adelaide Australia
    Yeah i noticed the same thing go figure :p
  24. crazy pyro

    crazy pyro New Member

    Joined:
    Jun 28, 2008
    Messages:
    1,662 (0.78/day)
    Thanks Received:
    125
    Location:
    Newcastle
    The obnoxious windows update appeared during my download session overnight, thankyou very much MS for updating your crapware and inconveniencing me.

Currently Active Users Viewing This Thread: 1 (0 members and 1 guest)

Share This Page