IE rebrand?

Microsoft considered rebranding IE

IE support

Older versions of IE will see their support end

Block it!

IE will block that old ActiveX control soon

Hypothetical threat watch

New malware exploits USB, but isn't really that scary

Apps

Microsoft helps to launch web-based Catan Anytime game

Microsoft News

Microsoft issues security advisory affecting all versions of Windows, Windows Phone

General News

UK government set to rush through emergency surveillance legislation

General News

UK officials follow US counterparts by banning electronics that have no charge from boarding flights

Windows

Several security updates coming to Windows PCs and tablets Tuesday

Microsoft News

Microsoft restores control of seized domains to No-IP

Apps

Microsoft details password syncing for IE11 on Windows and Windows Phone

Windows 8 Apps+Games

1Password for Windows gets much needed 4.0 update

Software

Internet Explorer Developer Channel offers bleeding edge web experience

Microsoft News

Microsofts posts four new ads on the benefits of Internet Explorer

Microsoft News

Microsoft's IE team partners with ESPN for new World Cup 2014 news site

Microsoft News

Music startup 22tracks works with Microsoft to redesign its web experience for touch

Editorials

Using strong passwords and keeping your online self secure

Announcement

Microsoft partners with Ubisoft for Assassin's Creed Pirates

General News

First smartphone 'kill switch' bill in the US passed by… Minnesota

Apps

Secure your passwords and critical information with Enpass Password Manager

136

Microsoft issues warning about limited, targeted attack vulnerability in Internet Explorer

Microsoft issues warning about limited, targeted attack vulnerability in Internet Explorer — What you need to know!

Microsoft has issued a security advisory for Internet Explorer due to a "zero-day" limited, targeted attack vulnerability it's found "in the wild". Versions of IE include Internet Explorer 6, Internet Explorer 7, Internet Explorer 8, Internet Explorer 9, Internet Explorer 10, and Internet Explorer 11. "Zero day" means it came without warning and "in the wild" means it's already being exploited. There's no mention of Windows Phone having the issues, but if you use Windows in general, it's something to be aware of, but not something to panic about. Here's why...

The exploit is a remote code execution. That means someone needs to trick you into going to a malicious website in order for it to work. What's more, according to Microsoft's security note:

  • By default, Internet Explorer on Windows Server 2003, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, and Windows Server 2012 R2 runs in a restricted mode that is known as Enhanced Security Configuration. This mode mitigates this vulnerability.
  • By default, all supported versions of Microsoft Outlook, Microsoft Outlook Express, and Windows Mail open HTML email messages in the Restricted sites zone. The Restricted sites zone, which disables script and ActiveX controls, helps reduce the risk of an attacker being able to use this vulnerability to execute malicious code. If a user clicks a link in an email message, the user could still be vulnerable to exploitation of this vulnerability through the web-based attack scenario.
  • An attacker who successfully exploited this vulnerability could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
  • In a web-based attack scenario, an attacker could host a website that contains a webpage that is used to exploit this vulnerability. In addition, compromised websites and websites that accept or host user-provided content or advertisements could contain specially crafted content that could exploit this vulnerability. In all cases, however, an attacker would have no way to force users to visit these websites. Instead, an attacker would have to convince users to visit the website, typically by getting them to click a link in an email message or Instant Messenger message that takes users to the attacker's website.

So, normal, prudent browsing practices should keep you safe. Don't run as administrator, don't click on links to websites you don't know and trust, and if you're at all concerned, default to Firefox or Chrome until Microsoft issues a security fix.

These types of exploits happen. Perfect code is almost impossible these days. From "goto fail" to "Heartbleed" exploits are going to keep getting found. The important thing is how the companies involved handle disclosing and fixing them, and how we keep ourselves safe in the meantime.

If anyone has any other security recommendations, add them to the comments!

Source: Microsoft

5
loading...
117
loading...
71
loading...
0
loading...

Comments

There are 136 comments. Sign in to comment

Lots of typos here....

blessthejon says:

No one comes here to check for typos. We come here to look for news & help. Get lost.

I was just making a point. It's unusual to see that many typos in one of these articles....

link5a says:

No need to be rude.

wpn00b says:

Don't be rude.

Devin19 says:

Don't be evil.

kenzibit says:

And typos are part of modern day technology. Live with it.

kevC4D says:

That's barbaric!

mrappbrain says:

It's not good journalism. Writing involves copyediting. Only posts written in a hurry should have typos.

FFugue says:

Posts about a warning to users on a blog are written in a hurry, and that's how it should be, since they want as many people to be aware of the problem as fast as possible. On a post like that if you want to see if it's been edited properly you need to come back the next day and see if the errors are still there. If the errors are still there tomorrow then there really is a problem...

wpn00b says:

I agree with this, but there is no need to attack someone for pointing it out. You weren't in the wrong though.

JM_T says:

Typos are typos and their supposed to be corrected. Unless your someone who lieks to see language deteriorate. Who would of taught proper spelling and grammer isn't needed in the digital age anymore. ;)

JM_T says:

You didn't get the joke. And that's the only one you spotted? SMH

I got the joke. But that had to be said. I have found many typos :D

JM_T says:

Lol. Heil grammatik!

I'm German. 9th grade. For 9th grade it is ok :b

wpn00b says:

Haha nice one.

schlubadub says:

*would've *thought *like :)

KMF79 says:

Are you kidding me. Typos' are not part of "modern day technology". As a matter of fact spell checking is a part of "modern day technology." All authors on this site should be writing their articles in Word before publishing. It would take care of all the issues with spelling and sentence structure. It would also make the site look more professional and lend it some more credibility.

DatabaseMX says:

Exactly. **Spell Check**

Rene Ritchie says:

Fixed! Zero day them!

sd173 says:

Yeah, a lot of the articles have grammar issues. Since I'm addicted to WPCentral, I've just learned to ignore them and read it the way it's supposed to sound in my head.

mjrtoo says:

It's not rude or barbaric, a professional article should be error free. I'm sure the editors agree.

Thank god IE is too slow to consider using.

CreepinJesus says:

What is this? 2009?

Jagar Tharn says:

nope , it's quite fast . You are probably talking about i.e. 8 , you should consider updating to i.e .11

blessthejon says:

IE 11 is faster than chrome & Firefox for me.

IE11 (and 10for that matter) is super fast for me using windows 8. I've actually uninstalled firefox about a year ago BC of this.

Faster than any other browser out there at the moment for me. Made me ditch Firefox and Chrome

kevC4D says:

Really? Either upgrade your system, unsinstall your 20 toolbars, or quit living in the past.

I'm using 11 clean out the box and it is sluggish as anything. Brand new Win 8 laptop. This is desktop mode, not modern UI. Chrome still knocks spots off it and looks better.

kevC4D says:

What box did you take it out of? because I have zero issues with ie. It works fine one my windows phone, it works great on my surface, and it works perfectly on my PC. On a side note, because i do some web development i do have firefox just for testing, now that's a sluggish browser, i really hate using FF.

rockstarzzz says:

You have ZERO issues? Try this. Open web outlook for any institution. Try and change your signature for emails. IE11 can't even open Microsoft services, Chrome can. I love IE11 but this is criminal.

Naren Parker says:

Our organization uses MS Exchange Server and we get to check our mails using OWA and guess what, it works best in IE. Infact if you use other browsers, you dont get the full functionality. It could be that your Exchange OWA is not updated to support IE11. We had this problem till sometime ago when older IE versions would open OWA with full functionality but IE11 wont. An update on the server side fixed this and I actually use Outlook 2013 only for tasks like Team Emails, advanced scheduling functions etc. Most of my emailing is now happening with OWA running in IE11.

sasukeluffy says:

I use Windows 8.1 and IE is definitely the fastest browser out. And comparing the 'look' of browsers... Seriously, theres like 1/10 of your screen for the browser and all of them 'look' almost identical... I don't get it.

Mine is also slow and crashes few times so I use opera on my Windows 8 machine

Dialog boxes, tabs, notification windows.. just don't look right. I want to like it but in desktop mode it just doesn't cut the mustard. Even starting up takes a good 30 seconds. Maybe I should reinstall it? It came pre loaded on a new Acer V5.

Brian Brown2 says:

Any PC you buy from a vendor, first thing you do is charge it, then wipe it. Gets rid of all the crap software vendors install. With Windows 8/8.1 you could try doing a full system restore, but I'm not sure if that would get rid of everything. To do this, go to the PC settings app>Update and Recovery>Recovery and click on "Remove Everything and Reinstall Windows". Will clean all the junk right out, or it should anyway.Will most likely give your new hardware a nice speed boost too.

Cheers I'll give it a whizz.

laserfloyd says:

Sounds like out of the box bloated it up. Try a fresh install. Its easy these days. It shouldn't run slugging at all on a new machine. My four year old 300$ laptop runs it fine. So something is up with the system/install.

Tense says:

Yes. I used to use Chrome, but Opera is so much faster than IE, FF or Chrome. At least for me it is.

Kadcidxa says:

Internet Explorer 11 sluggish on desktop mode? Not here on any of my Windows 8 devices. Chrome and Firefox on the other hand are bloated and sluggish.

What about blurry fonts? Forgot to mention that. Twitter is especially bad.

wpguy says:

Then your box is loaded up with other software interfering with the normal operation of IE, and probably Windows itself.

Stevied1991 says:

But you can't browse the internet without toolbars.

SwimSwim says:

Only the desktop version. Metro IE 11 kicks ass.

Exactly. Metro is good. Not everyone lives in the modern UI though.

micallan_17 says:

since IE 9 came out I haven't looked back, now am at IE 11 and am as happy as the day IE 9 came out, if there was IE for Android i would be using that too.

portalfocus says:

I have been using IE since windows 7. And now I'm currently on windows 8.1.1 and it work very very good, fast and so on

I was going to say almost the same thing: thank God then that nobody uses it! I don't know about speed. I think all browsers are fast on my connection. But the sheet crappiness of it!

Talk4Lig says:

So this is issue just for pc right? Not windows phone?

Roun says:

I was wondering the same thing...

Rene Ritchie says:

The word "phone" doesn't appear in the warning so my guess is that it's Windows (not Phone) only, at least as currently disclosed.

jhoff80 says:

It is definitely PC only.

Since the rendering engine is the same, it is also affected. But since Windows phone doesn't have all the components of Windows, it isn't affected.

blessthejon says:

Will Malwarebytes Anti-Exploit help prevent this?

Good thing I use Google Chrome!! Love ad block and is speed but I set the default search to Bing! Also chrome sync.

Jagar Tharn says:

be careful of  chrome extensions then , they are full of malware

I only use ad block and Google Bing rewards hack that earns rewards for me.

OsamaAdam98 says:

Live long and prosper, You made me laugh today.

Chrome is spyware itself but these kind of attacks also exist within Chrome. Just Bing it up ;) I wouldn't trust extensions; who knows what kind of data they're submitting or doing to your set-up.

By the way, the same AdBlock is now available for IE too :D, although personally, I prefer to use TPL within IE. Also, TPL allows you to subscribe to the blocking list created by the AdBlock team.

Studio384 says:

Chrome is the most logic choise, indeed. Instead of running a chance to be hacked with Internet Explorer, Firefox or Safari, with Chrome, you have 100% guarantie that you are being spied on by the browser itself, no worries for hacks anymore, the browser is a hack. Also, it saves passwords very easy, hand to access all of your secret passwords by anyone just with 3 clicks through the settings. Best. Browser. Ever.

 

/s

spyridon says:

Lol, probably the best comment i've read in a long time, cheers

exkerZ says:

So much fallacy though ><

-- Bam --

spyridon says:

Default to chrome? Default to google? No thanks, Firefox will do :)

Chef316 says:

Ever tried Opera??? I like it alot

It's google chrome ever since they got rid.of presto.

spyridon says:

At some point was my default browser, but it always felt incomplete for some reason for me, i prefer the non-profit model from mozilla for my alternative choice of IE

mesamit says:

wrong!!!.....opera uses chromium engine so does google chrome........google chrome is just chromium browser with google bloatware on it....

KMF79 says:

I love Opera. I always have going back to Windows Mobile 5. I'm not saying it's perfect, but it really is good. Its worthy of more praise/attention than it gets.

Couldn't agree more - Chrome is malware / spyware itself.

OsamaAdam98 says:

I don't know for how long you had been on the internet to believe such a thing.

The only difference is, you are officially spied by the corporation! As their ongoing efforts of harvesting user data, Google profiles all your activities and sell it to the highest bidders: Ads agencies or Government agencies.

Corporations can't make billions each quarter doing clean ads business, and especially when all the products are free of cost. There is something seriously wrong with the equation. Think about it!

OsamaAdam98 says:

What company profits from selling information to the government :|

Your beloved: Google.

OsamaAdam98 says:

That'd had been weird if it was something real and not only what Microsoft wants their fanboys to believe.

spyridon says:

No fanboy conversation here, not from my part at least. For sure microsoft is not the best company in the world, microsoft love us etc etc. All of these companies have one final simple goal, its called profit. Now the fact that google seems more untrustworthy in the eyes of let's say a lot of people it has to do with their acts and policies. I just wish they were more ethical for final users cause they are indeed an innovative company with great portfolio. And you know what it's their arrogance as well, (If people doesnt want us to read their gmails they should't sent them in the first place).

So in short it's not that we woke up a day and said lets hate google, they did something wrong to create that feeling towards them.

Well its not what Microsoft led me to believe, its the general perception and unethical approach of making profit on you without your consent!

For instance, I registered an online exam and got a confirmation email in my Gmail inbox. After sometime I was start getting ads about the same exam organization everywhere (Gmail, YouTube, websites with ads). Did I sign for this? Certainly not. Chrome collects rather more information than the Gmail.

OsamaAdam98 says:

I get your point but imagine if they never used these information all the ads would be like the ones you see on piratesbay where it's porn and only porn in your face.

spyridon says:

Well it seems that once again the coin has to sides, what are we willing to sacrifice for our convenience.

Not all people have the same priorities and concers about their privacy, hence we make our choices according to what we beleive is best for us

OsamaAdam98 says:

Alright we reached somewhere in the conversation.

Naren Parker says:

Or one can use Chromium portable or build from source if one is interested in the rendering engine without the Google bloatware / privacy issues. But even that is not as efficient as IE11, I must say.

I like Opera just as much as IE 11

TechFreak1 says:

Everyone must have a decent firewall and antivirus is a must. Better safe then sorry :P.

Chef316 says:

Running TrendMicro Internet Security. Haven't seen any issues in a long long time using their software/services. Hopefully this one doesn't make it through.

MediaCastleX says:

I imagine that links you get on social networks are also a hazard..?

Rene Ritchie says:

Sure, social networks especially can be "infected" with malicious links.

WindowsLocos says:

Seems fast [user disconnected]

Marco Gomes1 says:

I've got a security tip that's been working for me for ages: Use your brains.

madmass says:

Burn anything with IE in an oven, that will keep u safe

Marco Gomes1 says:

Anyone knows a way to make the favorites bar on i.e. 11 black or other dark colour?! That light grey bar is fugly!

When will the fix be out? Patch Tuesday?

Even though IE 11 is great for touch and is fast, I hate it as much as I did lots of years ago.

The are barely any extensions and that is plainly stupid in 2014.

I hope they'll let us install different browsers (different engines) on WP sometime this year, or at the next big update.

Chrome all day!

Studio384 says:

How is extension-less browsing stupid? Besides, Internet Explorer was the first browser to introduce extensions, the extension system has been there for years. Also, Chrome and Firefox are the only major browser that do support extensions as you want it, they are a minority. Not to mention that their mobile counterparts lack support for most of them too.

Fade_z says:

I'm now defaulting to chrome but I really like IE alot but the browsers UI isn't as good as chrome for me.

Maybe if I got the fav-bar and adblock working I would use IE11 more (I know/heard they are avaible but only alot of shitty malware sites popped up)

Studio384 says:

What do you mean? Just go to the official AdBlock website and there you go. For the favorite bar, what's wrong with right mouse click > Show favorite bar?

QilleRz says:

Ok will follow. Thanks ya Rene !

milfermon says:

And then they want to change how people see internet explorer, this security problems always involve IE, it's impossible not to troll it

spyridon says:

Maybe because Microsoft wants to be clear with their customers and admits it while others just hide things?

I find it a bit unlikely though that  these things only happens to IE and apple's safari. Both of these giant companies care about their reputation so they try to be as clear as possible.

I don't really know, just saying

exkerZ says:

Not a lot of people use IE anyways to make a difference if they stop using it when there is a problem. And most other browser creators tend to be faster at fixing their errors. So... Security threats are not that big of an issue? I babble, but it is a possibility

Although. This is probably serious if Microsoft did in fact go out and tell people that IE is facing a threat.
-- Bam --

ladydias says:

Why do people keep spreading that bit of misinformation? There are still plenty of people who use IE. Contrary to popular belief the average person doesn't install the latest browser unless they see it advertised enough and they sure as heck don't use extensions with maybe an ad-block being the exception.

madfred says:

You do realize that over 25% of internet users use IE, right?

exkerZ says:

As oppose to the other browsers? (Over 25% is not over 50%) Where is the scale heavier? I'm not saying no one uses it. I am saying it holds the minority.
-- Bam --

ladydias says:

So you are saying that because the scale is not weighed in favor of IE because there aren't as many people using it (though it's in the number 2 position) all the people who enjoy using it should just jump to another browser because there are more people using the other one? No offense but all browsers have security vulnerabilities, it is the nature of the beast, just some are more open about it than others. Very few, IE included, do nothing about browser-breaking bugs. I'd rather know when something comes up than to be left in the dark just so a company can maintain the appearance of being impervious to bugs/exploits.

exkerZ says:

That was a complete strawman... Never said that. You just don't like what I said "IE isn't as big as the rest." Not too hard to understand, is it?
Any who, my implication was that it is easier to let, say, 1 million users know that there is a problem..vs letting 50 million users know that there is a problem. (Just to be clear before another illogical fallacy comes up, I am not saying IE has 1 million users only.) You lose less when 1 million take a break from your product. If you rely on 50 million to use your product, you lose less from fixing the problem and never announcing it to EVERYONE.

Now before I hear more nonsensical distortions, this isn't an argument on opinion. This isnt even an argument. It is open minded possibility.
-- Bam --

ladydias says:

Whatever you say. I'll not debate you on this because you are allowed your own opinions. If it pleases you to believe I disagree with you solely because you said "not many people use IE" then by all means do so. If it also pleases you to believe your earlier statement would be interpreted by a normal person in any other way than what I concluded it said then more power to you. I'll not get into a silly argument over browser market share or the like as it's pedantic.

exkerZ says:

You don't know how other people think. You cannot decide how people will interpret anything. Just curiosity though, can you read my statements again and make sure you didn't misunderstand what I said?
And to be fair.. Again, whenever someone says something that others don't like.. They will be challenged. And that's really why the latter misunderstands a point.
-- Bam --

mjrtoo says:

Yes, you did say that. When you claim this stuff show facts, not just some random numbers you pull out of your ass.

ladydias says:

Note the disclaimer at the bottom of the page:
Statistics Can Be Misleading
You cannot - as a web developer - rely ONLY on statistics. Statistics can be misleading.
Note: W3Schools is a website for people with an interest for web technologies. These people are more interested in using alternative browsers than the average user. The average user tends to use the browser that comes preinstalled with their computer, and do not seek out other browser alternatives.
Tip: Global averages may not be relevant to your web site. Different sites attract different audiences. Some web sites attract professional developers using professional hardware, while other sites attract hobbyists using old computers.
Anyway, our data, collected from W3Schools' log-files over many years, clearly shows the long term trends.
So yes, we are done here. :-)

exkerZ says:

that just says that results may vary depending in website/community. Does that make them wrong?

But Okay, I understand that and put it here knowingly of what it said.
So we agree to disagree?
Friends? :D
-- Bam --

ladydias says:

Sure, why not? :-)

andresalviar says:

F*ck, and now, all news are about IE and how dangerous is to use it. All my hard work at reinvindicating IE to people has just been useless at all.

IceDree says:

They had an episode about the "Zero-Days" a few weeks back in NCIS LA.

Looks like I'll might go back to Safari ... Better safe than sorry.
Thanks for the heads up René & as always, good to see you here :)

wpn00b says:

I have to ask, does anyone else get weird lockups with IE occasionally? Happens to me ask the time after a Bing search leads me to Huffingtonpost.com for an article. Sometimes YouTube (especially today) but definitely Huffingtonpost. At work on IE 9 and at home on IE 11(DESKTOP)

Well, looks like I will be getting UC Browser again

Cryio says:

I don't know about you guys, but I'm eagerly awaiting IE12.

I have internet explorer 14

Jazmac says:

NSA has been busted again.

jhoff80 says:

In addition to what the article says, if you're on Windows 7 x64 or Windows 8, enable "Enhanced Protected Mode" (which blocks this exploit) and if possible, also enable "64-bit processes for Enhanced Protected Mode".  Or, stay in Metro IE, which since it always has EPM on, is just safer in general.

rysliv says:

The enhanced security feature in windows server makes browsing a pain. I just disable it.

Love IE since IE 9. It's just as fast as chrome. Just deactivate any toolbars and add ons.
To check the impact of add ons, try the IE with no add ons

chmun77 says:

"Don't run as administrator, don't click on links to websites you don't know and trust, and if you're at all concerned, default to Firefox or Chrome until Microsoft issues a security fix."

True that! That's why I only used IE as the tool to download other browsers whenever I install Windows, and nothing else.

AccentAE86 says:

So would this affect IE running in Metro?

I'm curious to know the actual answer.  Because, from what I understand, Metro IE is quite a bit safer as it is much more restrictied and locked down.

 

Nokia5110 says:

Microsoft SCROOOGLING me?

Why not move to enhanced security even now...if server 2008 can use it what stops us?

sunbee says:

I used to like IE6 just like XP and from the time IE7 came I avoided using IE and started using Firefox and it used to be good but recently its been very slow and also makes my system slow. I never liked Chrome cause it eats up more memory. I did not try IE11 after 8.1 update but on my Lumia it works like a charm. Sometimes these vulnerabilities are caused by Adobe flash player and Oracle java plugins.

bozvandam says:

Had beans for lunch today and personally I prefer brand 'x' over brand 'y' and so feel everybody should think like me. Just sharing ;)

Wow a good news for me...can I try hack some one