Spyware, Viruses, & Security forum

Alert

Microsoft Releases Security Advisory 2847140

by Carol~ Forum moderator / May 4, 2013 5:07 AM PDT

From Dustin Childs @ the Microsoft Security Response Center:

3 May 2013 - 7:15 PM

Today, we released Security Advisory 2847140 regarding an issue that impacts Internet Explorer 8. Internet Explorer 6, 7, 9 and 10 are not affected by the vulnerability. This issue allows remote code execution if users browse to a malicious website with an affected browser. This would typically occur by an attacker convincing someone to click a link in an email or instant message.

Internet Explorer 9 and 10 are not affected by this issue, so upgrading to these versions will help protect you from this issue.

While we are actively working to develop a security update to address this issue, we encourage customers using affected versions of Internet Explorer to deploy the following workarounds and mitigations included in the advisory to help protect themselves:

Set Internet and local intranet security zone settings to "High" to block ActiveX Controls and Active Scripting in these zones

This will help prevent exploitation but may affect usability; therefore, trusted sites should be added to the Internet Explorer Trusted Sites zone to minimize disruption.

Configure Internet Explorer to prompt before running Active Scripting or to disable Active Scripting in the Internet and local intranet security zones

This will help prevent exploitation but can affect usability, so trusted sites should be added to the Internet Explorer Trusted Sites zone to minimize disruption.

We also always encourage people to follow the "Protect Your Computer" guidance of enabling a firewall, applying all software updates and installing anti-virus and anti-spyware software. We also encourage folks to exercise caution when visiting websites and avoid clicking suspicious links, or opening email messages from unfamiliar senders. Additional information can be found at www.microsoft.com/protect.

We are monitoring the threat landscape very closely and will continue to take appropriate action to help protect customers.

Thank you,
Dustin Childs

http://blogs.technet.com/b/msrc/archive/2013/05/03/microsoft-releases-security-advisory-2847140.aspx
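
The two zone workarounds quoted in the post above can be verified on a machine by reading Internet Explorer's zone settings from the registry. The PowerShell below is an added example, not part of the original post or of Microsoft's advisory. It assumes the standard IE zone registry layout (zone 1 = Local intranet, zone 3 = Internet, action 1400 = Active Scripting, CurrentLevel 0x12000 = High); the function name Get-ZoneWorkaroundStatus is hypothetical.

```powershell
# Added example: audit the Local intranet and Internet zones against the
# workarounds in Security Advisory 2847140 (zone level "High", or Active
# Scripting set to Prompt/Disabled). Read-only; it changes nothing.

$zones = @(
    @{ Id = 1; Name = 'Local intranet' },
    @{ Id = 3; Name = 'Internet' }
)

# Locations where zone settings can live. Which one takes effect depends on
# Group Policy, so every location that exists is reported separately.
$hives = @(
    'HKLM:\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones',
    'HKCU:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones'
)

$scripting = @{ 0 = 'Enabled'; 1 = 'Prompt'; 3 = 'Disabled' }  # values of action 1400
$highLevel = 0x12000                                           # "High" zone template

function Get-ZoneWorkaroundStatus {
    foreach ($zone in $zones) {
        foreach ($hive in $hives) {
            $key = "$hive\$($zone.Id)"
            if (-not (Test-Path $key)) { continue }   # nothing configured here

            $props  = Get-ItemProperty -Path $key
            $action = $props.'1400'        # Active Scripting; $null if not set
            $level  = $props.CurrentLevel  # zone template; $null if not set

            $state = 'not set'
            if ($null -ne $action) { $state = $scripting[[int]$action] }

            New-Object psobject -Property @{
                Zone            = $zone.Name
                Key             = $key
                ActiveScripting = $state
                LevelIsHigh     = ($level -eq $highLevel)
                # Either workaround is enough: High level, or scripting not auto-enabled.
                MeetsWorkaround = ($level -eq $highLevel) -or ((1, 3) -contains $action)
            }
        }
    }
}

Get-ZoneWorkaroundStatus | Format-Table Zone, ActiveScripting, LevelIsHigh, MeetsWorkaround, Key -AutoSize
```

A row with MeetsWorkaround = False in the location that is actually in effect means that zone still runs Active Scripting without prompting.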

Fix it for Security Advisory 2847140 Available
by Carol~ Forum moderator / May 8, 2013 11:28 PM PDT

From Dustin Childs @ the Microsoft Security Response Center:

8 May 2013 - 4:32 PM

We have updated Security Advisory 2847140 to include an easy, one-click Fix it to address the known attack vectors. The Fix it is available to all customers and helps prevent known attacks that leverage the vulnerability to execute code and should not affect your ability to browse the Web. Additionally, applying the Fix it does not require a reboot. We encourage all customers using Internet Explorer 8 to apply this Fix it to help protect their systems. Internet Explorer 6, 7, 9 and 10 are not affected.

The Fix it is an effort to help protect as many customers as possible, as quickly as possible. We continue to work on a security update to address this issue and we're closely monitoring the threat landscape.

http://blogs.technet.com/b/msrc/archive/2013/05/08/fix-it-for-security-advisory-2847140-is-available.aspx

* * * * * * * * * * *
An added workaround would be to deploy the Enhanced Mitigation Experience Toolkit (EMET) as noted under Suggested Actions (Workarounds) of the revised (V1.1) Advisory.

Vulnerability Addressed with Security Update MS13-038
by Carol~ Forum moderator / May 14, 2013 4:12 AM PDT

As noted below and also in the Security Bulletin Summary for May 2013, security update MS13-038 (permanently) addresses the vulnerability discussed in this thread.

MS13-038 | Security Update for Internet Explorer

This security update permanently addresses the Internet Explorer 8 issue described in Security Advisory 2847140 to help ensure customers are protected. This security update is rated Critical for Internet Explorer 8 on Windows clients and Moderate for Internet Explorer 8 on Windows servers. There is no severity rating for Internet Explorer 9. This issue was publicly disclosed and there are limited known targeted attacks.
