Internet Explorer 8 Zero-Day,Microsoft Security Advisory (2847140)

Internet Explorer 8 Zero-Day,Microsoft Security Advisory (2847140)

Microsoft Security Advisory (2847140)
Vulnerability in Internet Explorer Could Allow Remote Code Execution

Published: Friday, May 03, 2013

http://technet.microsoft.com/en-us/security/advisory/2847140

Version: 1.0

Microsoft is investigating public reports of a vulnerability in Internet Explorer 8. Microsoft is aware of attacks that attempt to exploit this vulnerability.

Internet Explorer 6, Internet Explorer 7, Internet Explorer 9, and Internet Explorer 10 are not affected by the vulnerability.

This is a remote code execution vulnerability. The vulnerability exists in the way that Internet Explorer accesses an object in memory that has been deleted or has not been properly ……

[[[ Basically you can upgrade to version 9, or if you want to keep Version 8 then open Internet Options (Tools tab on browser or in Control Panel – click Classic View to see this) and click the Security Tab and shove the slide bar on left all the way up to HIGH which now stops all kinds of scripts at webpages and Active X and embedded autorun media players and etc etc etc. Keep quality antimalware installed and up to date as the only protection then – Real Time Protection heuristics or sometimes called HIPS etc. You can always retrograde back to Version 8 after an Emergency Out Of Cycle Patch/Fix is issued by Microsoft through Windows Updates and then Apply.
gerald philly pa usa ]]]

PRESS:

New Internet Explorer 8 Zero-Day Used in Watering Hole Attack …
www.symantec.com/…/new-internet-explorer-8-zero-day-used-watering-hole-attack
6 hours ago … Symantec helps consumers and organizations secure and manage their
information-driven world. Our software and services protect against …
http://www.symantec.com/connect/blogs/new-internet-explorer-8-zero-day-used-watering-hole-attack

Microsoft admits zero-day bug in IE8, pledges patch – Computerworld
www.computerworld.com/…/Microsoft_admits_zero_day_bug_in_IE8_pledges_patch
18 hours ago … Computerworld – Microsoft late Friday confirmed that a “zero-day,” or unpatched,
vulnerability exists in Internet Explorer 8 (IE8), the company’s …
http://www.computerworld.com/s/article/9238922/Microsoft_admits_zero_day_bug_in_IE8_pledges_patch

Zero-Day Exploit Enabled Cyber-Attack on U.S. Labor Department – eWeekeWeek
In the latest incident of nation-state cyber-attacks, attackers slipped malware onto the agency’s site, apparently aiming to compromise nuclear-energy officials from the Department of Energy. Hackers compromised the U.S. Department of Labor’s Web site …
http://www.eweek.com/security/zero-day-exploit-enabled-cyber-attack-on-us-labor-department/

Internet Explorer zero-day exploit targets nuclear weapons researchers
Ars Technica
Attackers exploited a previously unknown and currently unpatched
security bug in Microsoft’s Internet Explorer browser to surreptitiously
install malware on the computers of federal government workers involved
in nuclear weapons research, researchers …
http://arstechnica.com/security/2013/05/internet-explorer-zero-day-exploit-targets-nuclear-weapons-researchers/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+arstechnica%2Findex+

<http://arstechnica.com/security/2013/05/internet-explorer-zero-day-exploit-targets-nuclear-weapons-researchers/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+arstechnica%2Findex+>

Advertisements

What are Information – Data security threats?

This is from an actual question I fielded as Antibotnet alternate Yahoo ID at yahoo Answers > Security….

QUESTION:

Information security – threat? In information security what do we call a “threat” exactly? Hacker? or action itself aka eavesdropping/ system intrusion? Kinda confused about the concept http://answers.yahoo.com/question/index?qid=20130420123253AAJSqc2

MY ANSWER AS ANTIBOTNET YAHOO id (ALTERNATE id)  

Best Answer – Chosen by Asker

ANSWER:

Not sure if you mean general average user or actual IT Security ? The term threat to the average user computer is several fold.

Threat generally means malware such as a computer virus, worm, trojan, spyware etc. Malware can pose a threat to the actual operating system (Windows etc) as destrutive to the system and even hardware. It can destroy the operating system rendering it inoperable via corruption of files and/or actual deletion of system files such as by a worm.

Threats by spyware are generally referring to comprimising personal information generally always meaning financial information such as account numbers and pins etc that might be stored by a user in a document or text file etc. Another spyware category threat as “keylogger” can record everything being typed such as purchases online etc. Threat here means ultimately as an attempt as ID Theft, but also includes like personal photos and media etc that can be copied and transmitted in stealth from the infected unprotected computer. As well these threats to information includes all email contacts and any information there as a phone number, address, etc. – such as copy/transmitting these via spyware or even some viruses from the Contacts/Address Book information stored in the computer email programs contacts area. When you consider a broad term as “Social Engineering” you can place together additional areas of crime as stalking etc outside the computer system and worldwide web – robberies, kidnaps, and worst – due to threats to information or “data” stored in the computer.

Quality antimalware installed on the computer prevents these.

Threats also mean hackers trying to break into and take over a computer, and an acute looming threat if there is no personal software firewall installed.

Threat may also refer to security holes in the operating system and/or other softwares installed. These get patch/fix/update/upgrade through as example Windows Updates or similar in other operating systems as Linux, Apple/Mac etc.

It is on the enterprise corporate level in IT Security that refers to computer security for Home/Small Businesses all the way up to major companies/corporations etc. These are hired to address computing security for businesses against malware threats and much more. Computer forensics is an additional add-on or hired outside the/for the firm.

Biometrics security refers generally to physical type preventions as voice and retina and fingerprint recognition etc. to even gain entry into like a security firm as a major antivirus company as example. These too may include similar to even access a company computer. Threats to these areas are another area other than malware and an up to date fully patched computer.

SEE Zero Day threats…. also:

http://www.webopedia.com/TERM/Z/Zero_Day_exploit.html http://en.wikipedia.org/wiki/Zero-Day_Attack

 

List of threats to PCs…. http://bluecollarpc.us/threats-faqs/

 

Source(s):

http://bluecollarpc.us/forensics/

http://bluecollarpc.us/threats-faqs/

All blogposts archived to BlueCollarPC.US main domain

This is an informational blog post from our restored/renewed main domain http://bluecollarpc.us/ re-opened April 2013 by popular request !

Welcome all, archived blog installed

http://bluecollarpc.us/2013/04/02/welcome-all-archived-blog-installed/

By bluecollarpc – Last updated: Tuesday, April 2, 2013 – Save & Share – Leave a Comment

Welcome all, archived blog installed….. We have imported our archived blog posts from our original BlueCollarPC @ WordPress security blog. This is located at https://bluecollarpcwebs.wordpress.com/

We will keep the free version and continue to post to it, as has been linked for years. I am the original webmaster of the BlueCollarPC .Net and .Org and lastly .US . The BlueCollarPC .Net originally began about year 2005 as a help and information site dealing with spyware as main course. There were many video help tutorials for download in several formats. This became a huge site trafficking about 2,700 to 3,000 Visitors monthly, and tolled in at just over 6 million by 2009. Those kinds of numbers are usually seen at small business sites, but I had just a simple personal website !

Being able to help that many people who found our site as a primary or a main additional site for help and instruction in PC security and malware removal outweighed any personal pride or egotism in hits counters. That is what it was launched for, genuine informed help – not a personality contest. It was humbling to see those kinds of numbers though.

Push come to shove, our site was attacked and there were several behind the scenes personal attacks against myself and equipment – attempts at destroying computers and mobile computer. These attacks were sophisticated dreaded botnet payload attacks and another as attempting circumventing Vista technology and destruction. So, my site theme being “BlueCollarPC” as a spyware removal site originally, now was upgraded to a full blown malware removal help and instruction site – all malware with heavy concentration into botnet detection and removal and restoration of damaged systems and I graduated through this all into Amateur Forensics (Computer Forensics). What did not kill us makes us stronger, and so it goes. All but the BlueCollarPC .US were closed with this new full malware removal site including information and help against all malware now as viruses, worms, trojans, rootkits, adware, spyware, botnets and bootkits. etc etc etc.

At the end of the decade (2000 to 2010) and into the new one, things seemed to be a ghost town at many help destinations as groups, forums, and lists, others. It seemed the whole “XP Generation” of the “XP Years” (Windows XP) had graduated and learned it all or enough to carry them through. Of course I invested into a Vista PC which was the actual crown jewel of the decade in security software – unprecedented as an operating system itself being the best security software available. To this day Windows Users are unaware that viruses could not run on Vista and neither the dreaded rootkit malware. UAC User Account Control was just one of these new security technologies in Vista. First hand, no lie, two or three times I saw a virus execute to install on my Vista (drive by hit – bad website, tried to install scareware fake antivirus programs). Sure enough and word for word from Microsoft – “viruses are not able to write to the disk in Vista”. They the payloads were in Temporary Internet Files. All I had to do was close the browser with the settings I had clicked to “Delete All Temporary Internet Files” etc. I also use and ran CCleaner offering a little more clean up. That was it. The virus was gone ! I then scanned with high quality antimalware to prove it. Zero infection. The point was, or joke, you did not even need antivirus with Vista – like “you’re kidding, you actually purchased antivirus for Vista ? What for ? ” Seeing is believing.

Windows 7 was the first time in history an operating system (Windows, Linux, Apple/Mac etc) was actually downgraded security wise. Users screamed about UAC. The security world kind of went with – what idiots, sorry to say. This did not make sense. It did not make sense worst, that Microsoft themselves accomadated them. LOL. You get what you pay for. They seemed to love no intrusion whatsoever on having a good time on the Net – utterly regardless of the dangers. It was like handing drunk teenagers the keys to the sports car. We all know how that ended. Many never made it home.

Enter Windows 8 with the new anti-rootkit / anti-bootkit technologies – the ‘secure boot’ Windows 8. Windows 8 is a gigantic leap forward from XP as blocking rootkits/bootkits from running before antimalware programs are able to boot to begin detecting malware attempting to run in the session. With XP, we all know if a rootkit was suspected it meant reinstalling Windows as the ONLY cure. The trouble was most anti-rootkit softwares were crap at detecting them and even worst at attempting to remove them. Enter Windows 8 new security technologies. THOSE DAYS are over with forever. Just before Windows 8 hit the streets there was hint at they could crack this. But as well there is new anti-malware softwares that can “cold boot” to detect this. Somewhat as being able to scan the system without even starting the computer and as it does start up. Bye bye, covered anyway.

Well back to re-launching BlueCollarPC.US – now in the WordPress format rather than the traditional website. Kind of all in one – blog and content, links. Spread the word – “We are back !” (StarTrekkies – Romulans and Enterprise Captain Picard in the Neutral Zone Confontation over Borg encroachments).

From our alternate back up website at https://sites.google.com/site/pcsecurityhelper/

Welcome to the BlueCollarPC Security Helper!

For the record….. I began the BlueCollarPC Computing Security Community Website in 2005 at the original .Net website. I believe at that time, the .Com website was actually a PC Repair Shop which I was not connected with. Towards the end of 2009, the BlueCollarPC .Net created by me had enjoyed just over 6 Million Vistors/Users! – are proud to have been a part of it all and indeed actually had “discovery” in the security industry concerning the malware RASautodial registry entries discovered by Yours Truly. Never be afraid to ‘take a look under the hood’ of your PC ! You never know what you’ll find.

%d bloggers like this: