Microsoft fixes '19-year-old' bug with emergency patch

Discussion in 'other security issues & news' started by Osaban, Nov 13, 2014.

  1. Osaban

    Osaban Registered Member

    Joined:
    Apr 11, 2005
    Posts:
    4,222
    http://www.bbc.com/news/technology-30019976
     
  2. Veeshush

    Veeshush Registered Member

    Joined:
    Mar 16, 2014
    Posts:
    643
    Always makes you think about how many other ones aren't known about yet.
     
  3. SweX

    SweX Registered Member

    Joined:
    Apr 21, 2007
    Posts:
    6,429
    "Attackers could exploit the bug to remotely control a PC, and so users are being urged to download updates."
    So no bad guy has taken advantage of this during the 19 years :cautious:

    "but worked with Microsoft to fix the problem before going public."
    Good, other "researchers" should do the same.
     
  4. Osaban

    Osaban Registered Member

    Joined:
    Apr 11, 2005
    Posts:
    4,222
    I presume that XP won't be patched, even though the bug has been there for 19 years....
     
  5. DR_LaRRY_PEpPeR

    DR_LaRRY_PEpPeR Registered Member

    Joined:
    Oct 11, 2012
    Posts:
    141
    Location:
    St. Louis area
    XP is already fixed, same time as the others, like it will be for the next 5 years. :thumb:
     
  6. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,802
    Location:
    Texas
  7. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    Public exploit available.
     
  8. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
  9. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,833
    Solutions and Recommendations

    From MrBrians's link

    My solution

    Install a Script intercepter/blocker such as ScriptDefender http://www.analogx.com which works fine on, for eg my XP/SP2. Try it on your OS

    ax1.png
     
  10. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    From the article:
    Microsoft Security Bulletin MS14-064 - Critical
    https://technet.microsoft.com/en-us/library/security/ms14-064
    It appears that if you don't use Internet Explorer, this exploit on a web page won't run.


    ----
    rich
     
    Last edited: Nov 14, 2014
Loading...