Information and Fix for new Internet Explorer Zero Day flaw
Yes there is a new Internet Explorer Zero Day,
We hope our Visitors to our site observe the RSS Headliners on the left border which if clicked will take you to the Full Message at our BlueCollarPCSecurity Google Group with RSS Feeds also. Yahoo Groups has discontinued theirs just shortly ago, so we set up the Google Group for our Alerts RSS feed you can add to any RSS Reader also.
I have forgotten to post this new zero day exploit in Internet Explorer (all versions) information in our Blog Posts (center of our site, here) and we apologize to casual Visitors who may not have been alerted to this at our site as a plain in your face can’t miss post.
A Zero Day existing is a dangerous possibility existing for malware and cyber criminals to take stealth control of the PC system, and spy and worst, on infected computers by them via the Zero Day exploit.
Sometimes a Zero Day is in the actual Operating System itself (Windows). Here is one has been discovered in the Internet Explorer browser. These are fairly rare, and there are really only handfuls of them found over the years. The problem obviously is that either Windows or the browser has no defense (which ever the case with a zero day) basically and is prey. The only defense is generally a quality antimalware product with Real Time Protection enabled, usually as the yearly paid subscription. There are only a couple free ones with Real Time Protection (sometimes called HIPS, heuristics sniffs and blocks attempts in real time 24/7) like paid antimalware. Free home versions of antimalware DO NOT have Real Time Protection you have to pay for to enable, and therefore DO NOT block malware and attempts on the browser to gain access to the system with malware such as a Drive By infection – unseen while browsing the Net arriving at a bad website infects the PC without protection in place.
No there has not been the emergency patch yet from Microsoft. It may be issued in this next normal cycle of Windows Updates on the Second Tuesday (Patch Tuesday) each month which will be for October 2013. Generally there is what is called an Emergency Out-Of-Cycle Patch issued, meaning released when ready at anytime rather than in normal monthly Windows Updates every Second Tuesday each month. Yes there is a Microsoft Fix-It temporary fix available – SEE below, link.
MICROSOFT OFFICIAL FIX-IT SITE FOR THIS ZERO DAY…
Microsoft Security Advisory: Vulnerability in Internet Explorer could allow remote code execution
ALSO you can use alternative free Mozilla Firefox browser until a Patch is issued. On Internet Explorer you can go to Settings and raise the Security Settings all the way up which blocks all Java, add-ons, and scripts and auto runs at websites and players etc. Kind of basically like plain text email.
National Cyber Awareness System:
Microsoft Releases Security Advisory for Internet Explorer
09/18/2013 03:33 PM EDT
Original release date: September 18, 2013
Microsoft issues emergency fix for Internet Explorer vulnerability
17 (UPI) — U.S tech giant Microsoft says it is issuing an emergency fix
to an Internet Explorer bug that has been exploited in active malware
attacks. All versions …
NOTE: All versions of Internet Explorer browser from Version 6 to 10 and 11 for Windows 8.1 are
affected, current temporary fix is designed to prevent exploitation of
the bug – and a permanent fix may follow at a later date.
NEWS LINKS TO DATE….
Microsoft issued Fix it for actively exploited IE 0-day
Posted on Sep 18, 2013 04:22 pm
Microsoft has yesterday unexpectedly released a security advisory warning users about instances of active exploitation of a vulnerability found in all supported versions of Internet Explorer (6-11). …
Read in browser »
LINK TO OFFICIAL MICROSOFT SITE….
Microsoft Security Advisory (2887505)
Vulnerability in Internet Explorer Could Allow Remote Code Execution
Published: Tuesday, September 17, 2013
Heavy Attacks Expected as Microsoft Scrambles to Fix IE Flaw
Although it hasn’t been determined yet what malware is connected to the
exploit, it can be … “These exploits typically are used to download
advanced malware …
Latest IE 0-day insight: Background, severity and solutions
Posted on Sep 19, 2013 09:48 am
This recently discovered Internet Explorer zero day vulnerability is bad. Users and administrators should take immediate action to mitigate the risk. Considering the timing, I personally expect to see…
Read in browser »
IE 0-day attack reports push ISC to raise official threat level
Posted on Sep 23, 2013 03:41 pm
Over the weekend, FireEye researchers have managed to shed some light on the in-the-wild attacks leveraging the latest discovered Internet Explorer zero-day vulnerability (CVE-2013-3893), and have tra…
Read in browser »
Latest IE 0-day still unpatched, attacks exploiting it go back three months
Posted on Sep 30, 2013 02:59 pm
While Microsoft is yet to issue a patch for the latest Internet Explorer zero-day (CVE-2013-3893), reports are coming in that the flaw has been exploited more widely and for a longer time than initial…
Read in browser »
Internet Explorer Zero-Day Malware Spreads Across Asia
A very serious zero-day exploit affecting Internet Explorer has gone into wide release, affecting banking and government websites in Japan and Taiwan as more …
New threats exploit IE flaw
FireEye says APT campaigns have specific activity that can be clustered
and tracked by unique indicators, and some campaigns employ the same
Zero-Day exploit (Definition)
Have A Safe Computing Day!
Webmaster: Malware Removal/Amateur Forensics
Free Malware Removal Help / A Community Website Since 2005