
New Vulnerability Found in Every Single Version of Internet Explorer

Amaury

Well-known member
#1
New Vulnerability Found in Every Single Version of Internet Explorer
Source: Gizmodo
Published: April 27, 2014

Gizmodo said:
According to a confirmation by Microsoft late last night, a new zero day vulnerability has been found to affect every version of Internet Explorer. In other words—over a quarter of the entire browser market.

Attacks taking advantage of the vulnerability are largely targeting IE versions 9, 10, and 11 in something called a "use after free" attack. Essentially, the attack corrupts data as soon as memory has been released, most likely after users have been lured to phony websites. Microsoft explains:

The vulnerability exists in the way that Internet Explorer accesses an object in memory that has been deleted or has not been properly allocated. The vulnerability may corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user within Internet Explorer. An attacker could host a specially crafted website that is designed to exploit this vulnerability through Internet Explorer and then convince a user to view the website.
Microsoft is currently investigating the issue and will likely release an out-of-cycle security patch to take care of the problem. Let's just hope it comes soon, because according to security firm FireEye, this means that about 26 percent of the entire browser market is at risk.
 

Arantor

Active member
#4
How are we still getting use-after-free bugs? Seriously, I don't understand why static code analysis tools wouldn't be picking this stuff up.
 

BirdOPrey5

Well-known member
#5
A couple weeks ago I tried to bring IE into my normal use (I usually have Waterfox, Chrome, and Opera Next open at all times) but after a few days of trying my hardest to get used to it I just had to give up. It may be a lot better than it used to be, but it isn't on par with the other browsers yet. Now I only use it to access a couple of local network things that only work in IE.
 

Adam Howard

Well-known member
#9
And isn't it grand that the Internet Explorer code base is used as quite an integral part of the operating system itself.
BINGO!

This is the #1 reason NOT to use Internet Explorer. Because if your browser (Internet Explorer) gets infected or compromised, it's basically a backdoor into your whole operating system (i.e. your computer).
 

Adam Howard

Well-known member
#10
AOL for those who did not know (surprised people did not know this) also uses Internet Explorer (built in). While on the subject of AOL, they were officially hacked.

".....the Company has determined that there was unauthorized access to information regarding a significant number of user accounts. This information included AOL users' email addresses, postal addresses, address book contact information, encrypted passwords and encrypted answers to security questions that we ask when a user resets his or her password, as well as certain employee information....." -- AOL (America Online)

Source: http://o.aolcdn.com/os/memberservices/faq.html
 

BirdOPrey5

Well-known member
#11
AOL for those who did not know (surprised people did not know this) also uses Internet Explorer (built in). While on the subject of AOL, they were officially hacked.

".....the Company has determined that there was unauthorized access to information regarding a significant number of user accounts. This information included AOL users' email addresses, postal addresses, address book contact information, encrypted passwords and encrypted answers to security questions that we ask when a user resets his or her password, as well as certain employee information....." -- AOL (America Online)

Source: http://o.aolcdn.com/os/memberservices/faq.html
I was one of the 2.5% of accounts affected. :(
 

Adam Howard

Well-known member
#12
I was one of the 2.5% of accounts affected. :(
Sorry to hear you were one of the people whose AOL account was hacked. :(

The only member of my family who uses AOL (America Online) (and the only person I know still paying for AOL) is my Grandpa (he's 96). Keep in mind he uses Charter Communication for high speed cable internet, yet he still pays AOL for their products and services, because he likes the AOL browser interface (omg!) (and he wants to keep their support) and the other features that AOL provides to their group of paying customers (McAfee Professional for example ... again, omg!).

I still have my account with AOL (from back in the day), but it's a free account now (virtually, just email only). Originally it was a CompuServe account, but as many people should know, AOL (America Online) had bought them out.

Thankfully neither of us was compromised, although I did make the effort to change passwords and security questions. Although I recommend that people who use them for paid accounts also cancel their debit / credit cards (better safe than sorry).
 

Sheratan

Well-known member
#13
Sorry to hear you were one of the people whose AOL account was hacked. :(

The only member of my family who uses AOL (America Online) (and the only person I know still paying for AOL) is my Grandpa (he's 96). Keep in mind he uses Charter Communication for high speed cable internet, yet he still pays AOL for their products and services, because he likes the AOL browser interface (omg!) (and he wants to keep their support) and the other features that AOL provides to their group of paying customers (McAfee Professional for example ... again, omg!).

I still have my account with AOL (from back in the day), but it's a free account now (virtually, just email only). Originally it was a CompuServe account, but as many people should know, AOL (America Online) had bought them out.

Thankfully neither of us was compromised, although I did make the effort to change passwords and security questions. Although I recommend that people who use them for paid accounts also cancel their debit / credit cards (better safe than sorry).
 

Adam Howard

Well-known member
#16
I would also note that it is possible to use AOL for broadband without using their browser software and has been for some years.
This is true, but you would be surprised at how many people lose sight of that information (I belong to another forum that is virtually filled with AOL members and this was big news to them today).
 

Kim

Well-known member
#17
Last year my DH bought me a Microsoft Surface tablet, which at the time he was unaware cannot install any other browser but the built in IE; Chrome or FF just won't install despite both having versions available for Windows 8 RT which the tablet runs on.

So now I can't use the damn thing until this vulnerability is fixed.

Flippin Annoying!
 

SneakyDave

Well-known member
#18
Actually, AOL didn't buy out CompuServe. WorldCom did, kept the network stuff, and sold the subscribers to AOL.

But yeah, just keeping the facts straight.