IE 7,8 and 9 Zero-Day Exploit

[Tunnelcat]

Yet another reason out of many to stick with Firefox or Chrome.

http://www.securityweek.com/new-interne ... oited-wild

[Krom]

A web browser has a security vulnerability, what a shocking piece of news...

[Isaac]

Screw explorer.

[TigerRaptor]

Firefox - NoScript

Chrome - ScriptNo

Less B.S to worry about.

[Jeff250]

The problem with IE's security isn't that it has zero-day vulnerabilities but that you have to wait until the next patch Tuesday (at the soonest) for the fixes.

[Sirius]

They issue out-of-band updates for critical vulnerabilities (Iike this one). A fix should show up in the next few days from what I was reading.

And as Krom indicated, zero-day exploits aren't a new thing (and are not unique to IE either) - the world is not ending, security practices remain the same as before; avoid dodgy sites, don't click suspicious links, and you're extremely unlikely to be attacked by this. If that's not enough for you you can disable ActiveX entirely, or use a different browser. (Other browsers don't use ActiveX, which removes one attack surface, but there are still other ways to compromise them, so you still need to apply some common sense on the internet.)

IE9 isn't my primary browser, but that has a lot less to do with security than the fact that I really want certain Firefox extensions on my home PC. ABP is indeed one. Now if only they would do some sandboxing so a single lagging Flash page didn't kneecap everything...

[Grendel]

Not the 1st ZDE, not the last.

http://technet.microsoft.com/en-us/secu ... ry/2757760

[Sirius]

Fix is on Windows Update now: http://technet.microsoft.com/en-us/secu ... n/MS12-063

[Top Gun]

Hmm, guess that's why I just needed to restart.

[Tunnelcat]

You guys don't even want to hear the multitude varieties of curse words that are coursing through my head about IE and Microsoft right now.

An update finally comes out and I try to install that damn thing. Well, it gets to the 99% installed point and just sits there........and sits there........and sits there. I wait for ten minutes, bupkiss. So sh*t, I try to stop the installation. No joy. I try the task manager, it won't even open. I try the 3 fingered salute and the task manager finally comes up and I stop the Windows Update process. Then I try to reboot. It hangs saying not to shut off or unplug my machine because it's installing an update. Well, sh*t again, I wait a little longer. Still no joy. So, since my machine has a BIOS controlled hard reboot button, I force a reboot. It reboots just fine, but Windows Update still comes up saying I need to install the stupid update! Fat chance! I think MS rushed this little patch out a little too soon. Anybody else have this happen? I don't even want to try on my other 2 Windows 7 machines at the moment. &$%#^@ IE9, and I don't even use it!

[Krom]

No, my SSD chewed that update up in a few seconds (most of which was creating a restore point) and then rebooted without issue.

[TigerRaptor]

I don't even use it!

That is what I said to myself one day and out it went.

[Tunnelcat]

No, my SSD chewed that update up in a few seconds (most of which was creating a restore point) and then rebooted without issue.

If you have MSE on your system, do you disable it when you do a Windows Update????? I've never done this during past updates.

I think that's what caused my problem. When I went into the event log, besides a whole bunch of kernel errors from a forced reboot, there was one associated with MSE, specifically involving this error: Session "Microsoft Security Essentials OOBE" stopped due to the following error: 0xC000000D, which usually indicates that MSE was interrupted in progress and the file EppOobe.etl has been corrupted. Of course, that could have happened due to the forced shutdown, but who knows? So on a hunch, I then went and turned off MSE, went back to WU and had no problems installing the update this time, especially since it was already downloaded. I also had to delete that stupid .etl file so that MSE could repair it upon another reboot. Seems OK for the moment.

I also turned MSE off on another computer and that update worked without a hitch, AND it's got an even slower hard drive. If the problem is MSE, what a bunch of incompetents at Microsoft. You'd think that WU should know how to deal with MSE being active, or vice versa, during an update.

[Krom]

Actually I did have MSE running at the time...Forgot to uninstall it after spot checking some files.

[Spidey]

It’s always advisable to turn off any security suites when installing software, but I never have any problems with WU either way.

[roid]

Installed an update to IE recently (might have been this one).
I was wondering why it's even nessesary.
The only time IE ever gets used is once on a new install - and it's to download another browser.

Can i uninstall it? i remember it being drilled deep into in past windows versions, is that still a thing?

[Isaac]

Isn't IE integrated with Windows' file manager?

[Foil]

No, my SSD chewed that update up in a few seconds (most of which was creating a restore point) and then rebooted without issue.

Same here. On my son's machine (an old P4) it took about four minutes to update and reboot, but my work rig (with an SSD) did the update and reboot in less than 25s.