The United States Computer Emergency Readiness Team (US-CERT) is aware of active exploitation of a use-after-free vulnerability in Microsoft Internet Explorer. This vulnerability affects IE versions 6 through 11 and could lead to the complete compromise of an affected system.
US-CERT recommends that users and administrators enable Microsoft EMET where possible and consider employing an alternative web browser until an official update is available.
Note that this vulnerability is being exploited in the wild. Although no Adobe Flash vulnerability appears to be at play here, the Internet Explorer vulnerability is used to corrupt Flash content in a way that allows ASLR to be bypassed via a memory address leak. This is made possible with Internet Explorer because Flash runs within the same process space as the browser. Note that exploitation without the use of Flash may be possible.
By convincing a user to view a specially crafted HTML document (e.g., a web page or an HTML email message or attachment), an attacker may be able to execute arbitrary code.
We are currently unaware of a practical solution to this problem.
Read more in the full article here.
MacDailyNews Take: For the random Windows PC sufferers who’ve arrived here in the land of computing enlightenment via search or other means:
Don’t stop at getting a real browser, get a real computer. It’s way, way past time.
Every Mac comes with Apple’s excellent Safari, the web browser we highly recommend, free of charge.
Microsoft risks even further Windows security woes by retiring XP – March 10, 2014
Massive data breach: Target’s Windows-based PoS terminals were infected with malware – January 13, 2014
The Microsoft Tax: Malicious worm on Skype lets hackers hold Windows PCs for ransom; Macintosh unaffected – October 10, 2012
The Microsoft Tax: Critical Windows flaw affects millions of high-value PCs with self-replicating attacks – March 13, 2012
The Microsoft Tax: Virus infects Windows PC control systems of US Predator and Reaper drones – October 8, 2011
The Microsoft Tax: ‘Indestructible’ botnet attacks millions of Windows PCs; Macintosh unaffected – July 1, 2011
The Microsoft tax: Stuxnet computer worm infects Microsoft’s porous Windows OS; Mac unaffected – September 27, 2010
The Microsoft Tax: New undetectable Windows trojan empties bank accounts worldwide; Mac unaffected – August 11, 2010
The Microsoft Tax: Windows zero-day flaw exposes users to code execution attack; Mac unaffected – August 09, 2010
The Microsoft Tax: Critical flaw lets hackers take remote control of Windows PCs; Mac unaffected – August 07, 2010
The Microsoft Tax: New attack bypasses every Windows XP security product tested; Mac unaffected – May 11, 2010
The Microsoft Tax: McAfee correctly identifies Windows as malware; Macintosh unaffected – April 21, 2010
The Microsoft Tax: DNS Windows PC Trojan poses as iPhone unlock utility; Mac and iPhone unaffected – April 15, 2010
The Microsoft Tax: 1-in-10 Windows PCs still vulnerable to Conficker worm; Macintosh unaffected – April 08, 2010
The Microsoft Tax: 74,000 Windows PCs in 2,500 companies attacked globally; Mac users unaffected – February 18, 2010
The Microsoft Tax: Widespread attacks exploit Internet Explorer flaw; Macintosh unaffected – January 22, 2010
The Microsoft Tax: Windows 7 zero-day flaw enables attackers to cripple PCs; Macintosh unaffected – November 16, 2009
The Microsoft Tax: Windows 7 flaw allows attackers to remotely crash PCs; Macintosh unaffected – November 12, 2009
The Microsoft Tax: Windows virus delivers child porn to PCs, users go to jail; Mac users unaffected – November 09, 2009
The Microsoft Tax: Worms infest Windows PCs worldwide; Mac users unaffected – November 02, 2009
The Microsoft Tax: Banking Trojan horse steals money from Windows sufferers; Mac users unaffected – September 30, 2009
The Microsoft Tax: Serious Windows security flaw lets hackers to take over PCs; Macintosh unaffected – July 07, 2009
The Microsoft Tax: Windows Conficker worm hits hospital devices; Macintosh unaffected – April 29, 2009
The Microsoft Tax: Conficker virus begins to attack Windows PCs; Macintosh unaffected – April 27, 2009
The Microsoft Tax: Conficker’s estimated economic cost: $9.1 billion – April 24, 2009
Flash and IE combination works well 🙂
Meant to give you 5 stars for that. Oops. Anyway, you gave me a good laugh.
Actually, today is an EXCELLENT day to pull that joke! Adobe just rushed out an unscheduled CRITICAL update to Flash Player because there’s a zero-day exploit of Flash out in the wild for Windows users. Nasty, dangerous Flash. (Link to me):
I’m way ahead of them! Haven’t used IE in years!
I was gonna say, we’ve all been saying that for years!
I get to have a spanking brand new PC with Windows 8.1 on it soon for work. How excited am I? Ugh…Hope I get to load it up with Anti everything shot of slipping a prophylactic on the machine itself.
Lucky you! I have to suffer a shonky old PC box with Vista Business and IE.
Woe, is indeed, me. :^(
You know, Vista is better than 8.1 No, really, it is. 8.1 is STUPID!
OMG. So I went to check out 8.1 and came to this conclusion.
1. With Windows 8.1, Mac users are complete village idiots and see only the most unintuitive, convoluted OS ever conceived to date. An operating system with no navigation sense whatsoever. No fluidity in almost any action you do on the OS level.
2. For Windows Users & iHaters, Microsoft Windows 8.1 is made for Super Duper Geniuses that finds the entire OS super easy, super intuitive, just makes sense, all the tiles, scrolling up, down, left right, confusing control panels and settings perfectly done.
Vista! Oh yeah that’s really sad! 😱
Why is Flash still on any Web page?
Why is Winblows still on any computer?
Why is it still called a computer and not a Mac?
Why do I still on live on this planet?
Good thing I only use IE at work.
Well, I guess it’s a good thing all government and military computers use Windows and IE (including the one I am on now).
The sooner that piece of bloated crapware dies…the better!
Ditto for the company that makes it.
I’m no fan of M$. However, we need them to make the cheap crap that the low end buys, otherwise Apple would not feel the same or as much pressure to improve as they do when the sweaty masses buy crap.
… Which feeds into my theory that innovation is driven by competition. Like it or not, that Windows box crap is the prime competitor with Apple gear.
As a web developer…it is rubbish as it does not conform to standards. Microsoft knows better and went it’s own way.
Why not consider deploying an alternative web browser forever? You gotta know this is not the end of it. And while they’re at it, why not an alternative OS?
Most Windows-oriented IT doofuses will not let employees use any browser but the fine Internet Explorer POS. What are they going to do now? Load Safari or Firefox on those beautiful Dell boxes?
I can see the terror in the eyes of all the doofuses now.
Nor will they give you admin privileges so you can install a safe browser yourself.
Is it doofuses or is it doofi?
With Safari I don’t even need Flash anymore: Whenever that stupid message appears (“You need to update to the current version of Flash”) where a video should appear, I just use Safari’s Develop menu to switch my user agent to that of an iPad — the page refreshes and the video plays (99 out of 100 times).
Can you explain that a little bit? I’ve never been sure what a “user agent” means.
Sure: The user agent is something the browser supplies with each request to a website. It generally identifies things like what version of the browser and the operating system it’s running on. A normal Safari on Mac user agent string includes mention of Mac OS X, whereas from an iPad it says it’s on an iPad and that it’s “like Mac OS X” — but most video websites like YouTube see that iPad mention and switch over to showing a version that will run without Flash! It’s annoying that you have to trick them this way, but it gives a little jolt of “ha ha I win” satisfaction when it works!
How brilliant of you jt016! I never even noticed. HeeHeeHaHa!
I haven’t even seen IE being used in…. can’t tell you when, years I’m sure.
I still use Windows 7 at work. It’s like a technological time machine every morning. I go from modern computing to medieval in a 20 minute commute. And I’m being kind. It actually feels like using a sharp stone when I have a laser at home.
My work Windows 7 PC froze today and when I hit ctrl-alt-del it popped up a message saying it couldn’t display the ctrl-alt-del dialog box. You simply cannot make this shit up.
That’s a good one! We had one say “Keyboard not found, press F12 to continue.”
Now that is funny, because most government sites only work with IE. that is, when they work properly, which isn’t much at all.
Watching 60 Minutes last night, I was gagging with nausea looking at the computers #MyStupidGovernment uses at their nuclear missile silo coordination centers. 5 1/4″ floppy disk quality crap from the early 1980s. Then the high ranking military IT doofus they interviewed DARED to defend their system as ‘safe’. OMFG. 😯
Not 5 1/4 floppies- 8″ floppies! Even _more_ obsolete! That doofus is just daring what’s his name over there to start up his missiles.
Sorry for the error. I was tempted to think I was seeing 8″ floppies on the TV, but thought to myself: ‘No, couldn’t be. That’s simply too frightening to consider. Must be 5 1/4.’
It was a very surprising program. There was a nice MAP of where the nuke missiles are located. Lots of landscape shots to compare to satellite maps. Lots of interviews with incoherent people who work for #MyStupidGovernment. Lots of demonstrations of antiquated crap hardware (phones and doors that FAIL), decrepit software.
Yup Chinese empire! Come on over and nuke the hell out of our nukes!
Hello Muslim empire! Here are all the nukes you’ll ever want for destroying miracle planet Earth, our only home, for the sake of your delusions that you serve any god other than the one you invented in your own deceptive minds.
Astounding, isn’t it. This Microsoft insecurity garbage happens at a stead clip. But oh no! Let’s be Apple Bear Bullshitters. It’s far more fun.