Posted on 04/27/2014 4:26:55 PM PDT by dayglored
A new zero day vulnerability that resides in all versions of Internet Explorer has been spotted in the wild, Microsoft confirmed late Saturday.
The vulnerability, which could allow remote code execution, is being used in "limited, targeted attacks," according to an advisory issued by Microsoft. While all versions of the web browser, IE 6 through 11, are affected by the vulnerability, attacks are currently targeting IE versions 9, 10 and 11, according to security firm Fire Eye, which first reported the flaw Friday.
The attack leverages a previously unknown "use after free" vulnerability -- data corruption that occurs after memory has been released -- and bypasses both Windows DEP (Data Execution Prevention) and ASLR (Address Space Layout Randomization) protections, according to Fire Eye.
An attack could be triggered by luring visitors to a specially crafted web page, Microsoft explained.
...
Prepare to suffer the consequences of stupid decisions.”
Well, I still run XP on one of our computers because several software programs I have been using for years won’t run on anything else and I don’t happen to want to change. That computer, however, has not, is not nor will it ever be hooked up to the Internet.
So I do not consider my decision to continue running XP under these conditions and circumstances a stupid decision. Works well for us. This suggestion, BTW, came from my son who happens to work in the techie industry.
they are also offering support for xp on european systems.
ATM MACHINES!!!
EEK EEK EEK
Yeah, depending on who you believe, somewhere between 90% and 95% of the ATMs in the United States run on Windows XP.
Wanna have some black-humor fun? Google images on a search string of: ATM XP BSOD.
Very well put.
I have been trying to think of a valid corollary and the best I have come up with is:
Heck no, I’m not getting rid of my black & white TV, that color thing will never take hold.
I take it I’m OK with Windows 7?
http://blogs.technet.com/b/msrc/archive/2014/04/26/microsoft-releases-security-advisory.aspx
https://technet.microsoft.com/en-US/library/security/2963983
Please note that the above give no information about use of IE on XP, since it's not supported, and no patch for IE running on XP will be issued.
That said, it might be interesting to see if a patch for some version of IE that can run on both XP and some later version of Windows is released in a form where it can be applied to an XP system, even though it was written for a later system. I rather doubt it, since Windows Update patches verify the version of the OS before attempting to load and install. But perhaps one can fake out the reported version somehow.
Not for the faint of heart, but it might be an interesting experiment.
Once Microsoft releases a patch for IE running on Win7, do the update, and you should be fine.
I still haven’t had one single person bashing XP offer to upgrade my shop machinery to the tune of about $300,000. As soon as that happens I will gladly buy new machinery.
For anyone else, continuing to run XP while connected to the Internet is in fact, a stupid decision.
Internet Explorer is baked into every version of Windows since 98. It's almost impossible to remove without severely crippling your operating system.
EVEN IF YOU'RE NOT USING INTERNET EXPLORER AS YOUR BROWSER YOU COULD BE AT RISK!
IE is used for web-based function calls regardless of your regular browser. If you use Adobe Flash, Java, or any other product that can interact with the desktop while not having a browser window open, IE can be instantiated.
This means that if you're still using XP, regardless of your active browser, you are no longer going to be protected by a patch. Remember that since IE has hooks in the kernel, ESPECIALLY in XP, they have to path not just the browser but the OS as well. Since XP is no longer receiving patches, you'll be at risk from now on.
Browse with care.
Seriously, what is everyone’s problem with Windows 8? It’s DIFFERENT, yes, but it’s functionally identical to the two previous operating systems. I just built a new gaming rig and deliberately installed Windows 8.1. It’s incredibly fast, it’s stable, and it can take advantage of all of the latest toys available on my hardware.
The “Start Page” is actually pretty awesome, and everyone I’ve met who’ve actually used it says they love it compared to cursoring through the little menu in the lower left corner of your window. Worst case, you hit Win+Q and start typing what you’re searching for. I’ve yet to throw something at the Win8 search that it couldn’t find.
I think more people should stop believing the hype and actually try Win8 for themselves. I was using Win7 for 5 years, and I loved it. I feel I’m going to love Win8 just as much.
The other tip was to replace Microsoft Security Essentials with another anti virus program.
The problem isn’t with the users, it’s with Windows 8. It sucks. Period. End of story.
You miss the point. No NEW updates for XP. Existing updates are still available. But no further updates for new issues, such as this zero-day vulnerability.
> I think more people should stop believing the hype and actually try Win8 for themselves. I was using Win7 for 5 years, and I loved it. I feel Im going to love Win8 just as much.
Win 7 is great, I love it. Best version of windows ever.
Win 8 is fine for tablets. It’s just not appropriate for regular PCs. Maybe in time MS will revert enough of the new Metro crap to make it useful again on the desktops of the world.
But the real issue is the huge number of XP users who CANNOT use a later version because either: their software won’t run on later versions, or XP is embedded in their manufacturing or test gear, or their hardware is limited and they don’t have a budget to replace everything.
> I still havent had one single person bashing XP offer to upgrade my shop machinery to the tune of about $300,000. As soon as that happens I will gladly buy new machinery.
Ouch, yeah that’s the issue for a lot of businesses and vendors that bought the Microsoft line of hype a decade ago, about designing and building manufacturing and test gear on an XP base system. The gear far outlasts the OS support, and then you’re screwed.
< shrug > I would guess so.
> The problem isnt with the users, its with Windows 8. It sucks. Period. End of story.
Well, to be fair, Win 8 is a fine OS under the hood. It just comes with a ridiculous default user interface (Metro). In time, I hope Microsoft backs that out and reverts to something normal desktop users find comfortable.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.