A Vulnerability In Internet Explorer Puts User Credentials At Risk

Discussion in 'other security issues & news' started by hawki, Feb 4, 2015.

  1. hawki

    hawki Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    1,957
    Location:
    DC Metro Area
    "A Vulnerability In Internet Explorer Puts User Credentials At Risk, Microsoft Is Working To Fix It

    A new vulnerability in the Internet Explorer was revealed today. This vulnerability is applicable to all the latest versions of IE and it allows anyone to access login credentials of the user. This is a universal cross-site scripting (XSS) bug and a proof-of-concept exploit was recently published on the web..............

    Microsoft is aware of this bug and already working on a fix."

    http://microsoft-news.com/a-vulnerability-in-internet-explorer-puts-user-credentials-at-risk-microsoft-is-working-to-fix-it/

    "A vulnerability in fully patched versions of Internet Explorer allows attackers to steal login credentials and inject malicious content into users' browsing sessions. Microsoft officials said they're working on a fix for the bug, which works successfully on IE 11 running on both Windows 7 and 8.1."

    http://arstechnica.com/security/2015/02/serious-bug-in-fully-patched-internet-explorer-puts-user-credentials-at-risk/

    "An Internet Explorer vulnerability lets attackers bypass the Same-Origin Policy, a fundamental browser security mechanism, to launch highly credible phishing attacks or hijack users' accounts on any website."

    http://www.computerworld.com/article/2878967/dangerous-ie-flaw-opens-door-to-phishing-attacks.html
     
    Last edited: Feb 4, 2015
  2. siljaline

    siljaline Former Poster

    Joined:
    Jun 29, 2003
    Posts:
    6,619
    The important thing (among others) is that Microsoft are investigating.
     
  3. anon

    anon Registered Member

    Joined:
    Dec 27, 2012
    Posts:
    4,096
    This.

     
  4. WildByDesign

    WildByDesign Registered Member

    Joined:
    Sep 24, 2013
    Posts:
    1,633
    Location:
    Toronto, Canada
    I just wanted to add that EMET does not protect against this.
     
  5. Yuki2718

    Yuki2718 Registered Member

    Joined:
    Aug 15, 2014
    Posts:
    1,257
    This is one reason strict script control is quite effective to secure you.
     
  6. hawki

    hawki Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    1,957
    Location:
    DC Metro Area
    As noted in ronjor's thread, Microsoft has announced a new update to fix this latest vulnerability in IE


    Adobe has also today announced a similar update for other browsers.

    The current correct proper version is 16.0.0.305


    I had my Flash Player in FF disabled. Then I re-enabled it a few minutes ago and it had auto updated to the latest version.

    If you have not enabled auto update you should download and install the latest version from the Adobe Flash Player Download Page.

    EDIT UPDATE: OoPs, ronjor also has an Adobe Flash update thread where he last night linked to an Adobe announcement that if you have auto update enabled you will begin to receive the new update today.

    Sorry ronjor, I did not notice that thread before :)
     
    Last edited: Feb 5, 2015
  7. xxJackxx

    xxJackxx Registered Member

    Joined:
    Oct 23, 2008
    Posts:
    4,050
    Location:
    USA
    For whatever reason Windows Update fails on my desktop machine for the last 2 versions of Flash. The downside of having it controlled by Microsoft. Now I can't update it. :thumbd:
     