Where to find Microsoft “Fix It” for Internet Explorer 8 zero day fix

Where to find Microsoft “Fix It” for Internet Explorer 8 zero day fix ….

 

As has been lighting up the world web about another rare Internet Explorer “zero day” hole http://www.webopedia.com/TERM/Z/Zero_Day_exploit.html ….

this one for INTERNET EXPLORER VERSION 8 we have just posted a news link here… http://bluecollarpc.us/2013/05/06/internet-explorer-8-zero-daymicrosoft-security-advisory-2847140/

 

Here is another PRESS item….

Microsoft Issues Temporary Fix For Internet Explorer 8 Zero-Day Flaw – CRN.com

CRN

A successful attack enables a cybercriminal to infect a victim’s machine with additional malware and, if it is not detected, the malware could be used to steal account credentials, documents and other data. “The vulnerability may corrupt memory in a …

http://www.crn.com/news/security/240154557/microsoft-issues-temporary-fix-for-internet-explorer-8-zero-day-flaw.htm

 

IF NOT FAMILIAR WITH MICROSOFT “FIX IT” — it is free from Microsoft at their sites for odd ball off the norm type little bugs and so on that are fixed with a simple click of “FIX IT” for the exact item only. For instance, one not too long ago was for the Windows Vista Sidebar Gadgets whereby it was possible to infect that system with a third party gadget rigged with malware execution. The Fix It button inserted a basic kind of killbit to stop it from running altogether, thus preventing infection, but was more aimed at corporate/business computers for insured safety. So the Microsoft Fix It is basically a simle short snippet code for the programming to apply a bug fix or patch etc etc etc.

 

WHERE IS THE INTERNET EXPLORER 8 MICROSOFT FIX IT BUTTON WEBPAGE …..

 

HERE….

 

TITLE: Microsoft Security Advisory: Vulnerability in Internet Explorer 8 could allow remote code execution: May 8, 2013

WEBSITE: http://support.microsoft.com/kb/2847140#FixItForMe

 

The several Press releases never included the website link for it ! ! !

 

Webmaster, BlueCollarPC.US

Advertisements
Posted in BlueCollarPC WordPress Blog. Tags: , , , , , , , , , , , . Comments Off on Where to find Microsoft “Fix It” for Internet Explorer 8 zero day fix

Where to find Microsoft Fix It for Internet Explorer 8 zero day fix

Where to find Microsoft Fix It for Internet Explorer 8 zero day fix ….

 

As has been lighting up the world web about another rare Internet Explorer zero day hole http://www.webopedia.com/TERM/Z/Zero_Day_exploit.html ….

this one for INTERNET EXPLORER VERSION 8 we have just posted a news link here… http://bluecollarpc.us/2013/05/06/internet-explorer-8-zero-daymicrosoft-security-advisory-2847140/

 

Here is another PRESS item….

Microsoft Issues Temporary Fix For Internet Explorer 8 Zero-Day Flaw – CRN.com

CRN

A successful attack enables a cybercriminal to infect a victim’s machine with additional malware and, if it is not detected, the malware could be used to steal account credentials, documents and other data. “The vulnerability may corrupt memory in a …

http://www.crn.com/news/security/240154557/microsoft-issues-temporary-fix-for-internet-explorer-8-zero-day-flaw.htm

 

IF NOT FAMILIAR WITH MICROSOFT “FIX IT” — it is free from Microsoft at their sites for odd ball off the norm type little bugs and so on that are fixed with a simple click of “FIX IT” for the exact item only. For instance, one not too long ago was for the Windows Vista Sidebar Gadgets whereby it was possible to infect that system with a third party gadget rigged with malware execution. The Fix It button inserted a basic kind of killbit to stop it from running altogether, thus preventing infection, but was more aimed at corporate/business computers for insured safety. So the Microsoft Fix It is basically a simle short snippet code for the programming to apply a bug fix or patch etc etc etc.

 

WHERE IS THE INTERNET EXPLORER 8 MICROSOFT FIX IT BUTTON WEBPAGE …..

 

HERE….

 

TITLE: Microsoft Security Advisory: Vulnerability in Internet Explorer 8 could allow remote code execution: May 8, 2013

WEBSITE: http://support.microsoft.com/kb/2847140#FixItForMe

 

The several Press releases never included the website link for it ! ! !

 

Webmaster, BlueCollarPC.US

Catch Up With Java Malware Information

Catch Up With Java Malware Information….. Day after day seemingly, week after week, for about 100 days or more it seems cyber crime has declared war on Java a handful of ‘zero days’ as well have been suffered. For security reasons it has been actually advised to disable Java in ALL browsers and even uninstall Java from the computer. This has been no joke if you have not been keeping up with all the security warnings and actual INFECTIONS occurring via exploiting Java ! READ ON TO CATCH UP IF YOU MUST ! ! ! FOLLOW THE TIMELINE TO DATE….

CLICK THE MESSAGE LINKS TO GO TO THE WEBSITE AND FULL STORY DETAILS….

 Aug 29, 2012

US-CERT Alert – Oracle Java 7 Security Manager Bypass Vulnerability
Fw: US-CERT Alert TA12-240A – Oracle Java 7 Security Manager Bypass Vulnerability…System US-CERT Alert TA12-240A Oracle Java 7 Security Manager Bypass Vulnerability…Yet * Let’s start the week with a new Java 0-day in Meta…..

Critical Java 0-day flaw exploited in the wild
Critical Java 0-day flaw exploited in the wild Posted on Aug 27, 2012 06:11 pm Researchers…security firm FireEye have discovered targeted attacks exploiting a zero-day Java vulnerability to deliver the Poison Ivy RAT onto the unsuspecting victims…

Aug 30, 2012

Unpatched Java exploit spreads like wildfire
Unpatched Java exploit spreads like wildfire Naked Security Sophos customers are proactively protected against the malware payload as Troj/Agent-XNE and the malicious Java applet as Mal/JavaKnE-H. Sophos endpoint customers using our web protection…

Java 7 Under Attack: Researchers Advise It Be Disabled During The Interim
Java 7 Under Attack: Researchers Advise It Be Disabled During The Interim CRN…thereof. “IT administrators’ only defense at the moment is to limit the use to Java,” wrote Wolfgang …

Disable Java NOW, users told, as 0-day exploit hits
web

Disable Java NOW, users told, as 0-day
exploit hits web Register The vulnerability allows…keylogger or some other
type of malware . The payload does not need to be a Java app itself. In
the form in which it …

Java 0-day exploit added to Blackhole kit, still no news
about patch

Java 0-day exploit added to Blackhole kit,
still no news about patch Posted on Aug 29, 2012 12:20 pm The recently
discovered Java zero-day flaw that has been spotted being used in limited
targeted attacks in…

Aug 31, 2012

Zero-day Java flaw exploited in targeted tax email malware attack
Zero-day Java flaw exploited in targeted tax email malware attack by Paul Baccas on August…cybercriminals have taken advantage of the critical zero-day flaw vulnerability in Java, sending out malicious emails which pretend to come from an accountancy firm…

Java Zero-Day Malware Attack: 6
Facts

Java Zero-Day Malware Attack: 6 Facts
InformationWeek Businesses are growing worried about drive-by infections by
malware that exploits two zero-day Java vulnerabilities. Attackers,
apparently operating from China, chained the two…

Java is Insecure and Awful, It’s Time to Disable It, and
Here’s How

Java is Insecure and Awful, It’s Time to
Disable It, and Here’s How As usual, there’s yet another security hole in the
Java Runtime Environment, and if you don’t disable your Java
plugin, you’re at risk for being infected with malware. Here…

Sep 1, 2012

Java 0-day exploit served from over 100 sites
Java 0-day exploit served from over 100 sites Posted on Aug 30, 2012 03:23 pm The problem of the two unpatched Java zero-day vulnerabilities that are actively exploited in the wild by attackers…

US-CERT Releases Oracle Java JRE 1.7 Security Advisory
Fw: US-CERT Current Activity – US-CERT Releases Oracle Java JRE 1.7 Security Advisory —–Original Message—– From…Awareness System US-CERT Current Activity US-CERT Releases Oracle Java JRE 1.7 Security Advisory Original release date: Tuesday…

Oracle releases patches for Java vulnerability CVE-2012-4681
http://thehackernews.com/2012/09/oracle-releases-patches-for-java.html
21
hours ago – Oracle has released a new patch which kills off a
vulnerability
in Java 7 that was being exploited by malware developers. “Due
to the high
severity of these …

Encyclopedia entry:
Exploit:Java/CVE-2012-4681.DM – Learn more
http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Exploit%3AJava%2FCVE-2012-4681.DM
12
hours ago – Summary. This threat is detected by the Microsoft
antivirus
engine. Technical details are not currently available for this
threat. Top

Unpatched Java Vulnerability Exploited in Targeted
Attacks, Researchers Say

Unpatched Java Vulnerability Exploited in
Targeted Attacks, Researchers Say PCWorld (blog…has been … 

Oracle fixes Java 7 web browser flaw
Oracle fixes Java 7 web browser flaw IT PRO Software giant Oracle has finally released a patch…malware . The US government warned end users to be on their guard against Java 7 zero-day vulnerabilities … 

Oracle provides early patch for
Java

Oracle provides early patch for Java iTWire
The next Java update was scheduled for October 16…also includes fixes
for two other vulnerabilities affecting Java running …

Update Java in Control Panel ! Oracle releases security
patch for Java vulnerability

Oracle releases security patch for
Java vulnerability Siliconrepublic.com Before now, the only way to
protect computers from potential malware attacks exploiting this…

Sep 3, 2012

Oracle patches Java 0-day, researchers say there is
another one

Oracle patches Java 0-day, researchers say
there is another one Posted on Aug 31, 2012 02:09 pm Oracle has finally issued
an update for Java 7 (v 1.7.0_07) which solves the problem of the
CVE-2012-4681 vulnerability…

After patch, researchers find another Java vulnerability
After patch, researchers find another Java vulnerability SC Magazine Australia Hours after the company that maintains…

Oh No Not Again! New Java Vulnerability Uncovered In
Latest Java Update

Oh No Not Again! New Vulnerability Uncovered In
Latest Java Update Forbes Adam Gowdiak, CEO and founder of Security
Explorations, has…

Sep 5, 2012

Fake Amazon emails open the way for
malware

Fake Amazon emails open the way for malware Posted
on Sep 04, 2012 01:15 pm The CVE-2012-4681 Java zero-day vulnerability
might have been patched, but because it was added to the popular Blackhole
exploit kit and because most…

Fw: Another Java Security Flaw Appears After Oracle Patch
Another Java Security Flaw Appears After Oracle Patch TechWeekEurope…Researchers have uncovered another potentially Java security flaw, which could be used by hackers…Current Activity – US-CERT Releases Oracle Java JRE 1.7 Security Advisory ….

Rogue Microsoft Services Agreement emails lead to latest Java exploit
Rogue Microsoft Services Agreement emails lead to latest Java exploit Computerworld IDG News Service – Hackers are distributing…

Article: Thanks ever so much Java, for that biz-wide
rootkit infection

Thanks ever so much Java, for that biz-wide
rootkit infection Register Shortly after I awoke to…client called to inform me
his computer had contracted some malware . Java has, if you’ll forgive
the anthropomorphization of a bytecode virtualization…

Sep 14, 2012

Oracle confirms existence of another critical Java
flaw

Oracle confirms existence of another critical
Java flaw Posted on Sep 11, 2012 03:45 pm When Oracle finally patched the
CVE-2012-4681 Java 0-day that was being actively exploited…

Nov 2, 2012

Jacksbot Java malware can take control of Windows, Mac,
and Linux systems

Jacksbot Java malware can take control of
Windows, Mac, and Linux systems The Next Web…software company Intego
discovered malware which it classified as “a new Java backdoor trojan
called Java/Jacksbot.A.” New threats are discovered all…

Nov 24, 2012

Warning out vs new cross-platform
malware

…vendors warned computer users over the weekend
against a new malware that can potentially affect various platforms that support
Java. In a blog post, Trend Micro pointed out …

Jan 3, 2013

Java server malware targets Windows systems
Java server malware targets Windows systems SC Magazine Researchers have discovered a backdoor delivered by a malicious JavaServer Page (JSP), which targets vulnerable Java-based HTTP servers and allows an attacker to hijack infected systems. The malware…

Jan 12, 2013

New malware exploiting Java 7 in Windows and Unix systems
New malware exploiting Java 7 in Windows and Unix systems CNET The malware has currently been seen…OS X, may be able to do so given OS X is largely similar to Unix and Java is cross-platform. Additionally, the exploit is currently being …

Java flaw poses malware threat to PC users
Java flaw poses malware threat to PC users Financial Times A serious flaw in the Java software found on most personal computers could expose the machines to being…

New Java 0-day exploited in the wild
New Java 0-day exploited in the wild Posted on Jan 10, 2013 04:45 pm A new Java zero-day being exploited in the wild has been found. With the files we were…

Disable Java! Recent 0-day exploit is included in exploit kits
Disable Java! Recent 0-day exploit is included in exploit kits Posted on Jan 11, 2013 06:00 pm The Java zero-day that has recently been spotted being exploited in the wild has turned…

Jan 13, 2013

US-CERT Releases Oracle Java 7 Security
Advisory

Fw: US-CERT Current Activity – CERT Releases Oracle
Java 7 Security Advisory…Vulnerability Note VU#625617 to address a
vulnerability in Oracle Java Runtime Environment (JRE) 7 and earlier that
is currently…

Jan 15, 2013

Week in review: Java 0-day wreaking havoc, hiding
messages in Skype silences, Apple prevents popular app scam
tactic

Week in review: Java 0-day wreaking havoc,
hiding messages in Skype silences, Apple prevents popular app scam tactic Posted
on Jan 14, 2013 06:00 am…

US-CERT – Out-of-Band Patch to Address Java 7
Vulnerability Released

…Current Activity – Oracle Releases Out-of-Band
Patch to Address Java 7 Vulnerability…band patch to address the
recently announced vulnerability in Java Runtime Environment (JRE) 7.
US-CERT encourages users and…

Security: Homeland Security Warns About Java
Malware

Homeland Security Warns About Java Malware
DrJays.com Live A newly-discovered vulnerability
in…

How To disable Java in my web
browser

How do I disable Java in my web browser?
http://www.java.com/en/download/help/disable_browser…Macintosh OS X
•Browser(s): Internet Explorer, Firefox, Chrome, Safari •Java version(s):
7.0, 7u10+ FULL INSTRUCTIONS (easy) …..

Jan 16, 2013

Oracle patches critical 0-day with new Java
update

Oracle patches critical 0-day with new Java
update Posted on Jan 14, 2013 01:05 pm Oracle has released Java 7 Update
11, the computing platform’s newest version that patches…

Oracle delivers 86 security
fixes

…fixes Posted on Jan 16, 2013 10:06 am Oracle has
had two major updates in the last 2 days. On Sunday, Jan. 13 a new version of
Java 7 was released that addresses the 0-day vulnerability that has been
exploited in the wild. The Oracle C…

Surprised? Old Java exploit helped spread Red October
spyware

Surprised? Old Java exploit helped spread Red October spyware Register Unpatched Java installations…October on
Monday, …

Malware masquerades as patch for
Java

Malware masquerades as patch for Java
ITworld.com Hackers often disguise their malware as a legitimate…

Jan 21, 2013

Java Security ‘Fix’ Is Disguised Malware
Attack

Java Security ‘Fix’ Is Disguised Malware
Attack InformationWeek The malware may be…against browsers. The attack begins
with a Web page warning that a newer version of Java is required to …

Newest Java update doesn’t fix fresh critical
vulnerabilities

Newest Java update doesn’t fix fresh
critical vulnerabilities Posted on Jan 21, 2013 03:26 pm Another week, another
zero-day threatening millions of Java users. As you might remember, last
week Oracle released Java 7 Update 11, which…

Jan 28, 2013

Beware of fake Java
updates

Beware of fake Java updates CNET January 22,
2013 9:30 AM PST. Following recent security vulnerabili…vulnerabilities in
Java, malware developers are taking a new approach to exploit the
Java platform by issuing false updates that pose as legitimate updates
for the…

Java’s new “very high” security mode can’t protect you
from malware

Java‘s new “very high” security mode can’t
protect you from malware Ars Technica Security researchers have uncovered a
newly discovered bug in Oracle’s Java framework that allows attackers to
bypass important security protections designed…

Feb 2, 2013

US-CERT- Oracle Releases Out-of-Band Patch to Address
Java 7 Vulnerabilities

…Current Activity – Oracle Releases Out-of-Band
Patch to Address Java 7 Vulnerabilities —–Original Message—– From:
Current…out-of-band patch to address multiple vulnerabilities in the
Java Runtime Environment (JRE) 7 Update 11 and earlier. These
vulnerabilities…

Security: Firefox will block by default nearly all
plugins

Firefox will block by default nearly all plugins
Posted on Jan 30, 2013 08:08 pm Following the recent debacle of the critical
Java 0-day that was being actively exploited in the wild, in an attempt
to minimize its users’ attack surface Mozilla has enabled “Click…

Feb 6, 2013

Oracle rushes out emergency Java
patch

Oracle rushes out emergency Java patch
Posted on Feb 04, 2013 01:44 pm If you’re still among the users…computer, be
advised that Oracle has released a critical patch update for Java SE
(Java 7 Update 13) on Friday. …

Feb 18, 2013

Facebook disables Java after
hack

Facebook disables Java after hack
VentureBeat The malware came through another issue with Java…Department
of Homeland Security even recommended that people uninstall Java since
hackers were finding new …

Feb 20, 2013

Apple issues malware removal tool today,
attacked

…tool today The Verge “Apple has identified
malware which infected a limited number of Mac systems through a vulnerability
in the Java plug-in for browsers,” the company said in its statement.
“The malware was employed in an attack against Apple and other companies…

Apple victim of malware
attack

…malware attack. A small number of systems inside
the company were compromised. The malware attack was tied to a vulnerability in
a Java plug-in for browsers, Apple said in a statement sent via email.
“There is …

Feb 22, 2013

US-CERT Updated Release of the February 2013 Oracle Java
SE Critical Patch Update

…Current Activity – Updated Release of the
February 2013 Oracle Java SE Critical Patch Update —–Original
Message—– From…an updated February 2013 Critical Patch Update for Oracle
Java SE to address a vulnerability. This vulnerability could allow…

Apple Releases Code To Remove Java Hack
Malware

Apple Releases Code To Remove Java Hack
Malware Fast Company In the wake of this attack Apple…malware. The Apple hacks
happened when a vulnerability in Java, …

Latest Mac malware attack shows that Windows 8 is more
secure ?

…blog) Apple has admitted that Macs inside the
company were recently victimized by a malware attack. They were hacked in a
drive-by Java exploit. In response, Apple patched the security hole in
older systems vulnerable to the attack, and also released a tool …

Uninstalling the Terrible Ask
Toolbar

…your computer, don’t be ashamed – it could
happen to anybody. Especially considering that is bundled with the equally awful
Java runtime. Those people should be ashamed of themselves. ….

Mar 2, 2013

Java malware sets its sights on your Minecraft
passwords

Java malware sets its sights on your
Minecraft passwords Geek This piece of malware is quite a bit more
sophisticated, too. It’s made of multiple Java applets that are hidden
after being dropped onto a compromised system. The tool…

New Java 0-day exploited in ongoing
attacks

New Java 0-day exploited in ongoing attacks
Posted on Mar 01, 2013 03:48 pm FireEye has detected yet another Java
zero-day vulnerability being exploited in attacks in the wild. Affected
updates…

User Question: Should I disable updates then update programs when necessary?

Hey all…. I go by the handle of “antibotnet @ yahoo.com” at Yahoo Answers > Security. Here is a new question I am blogging as answer contents are pretty standard ven as a “form answer” for these type standard questions you meet over and over again, all slightly different:

 

Should I disable updates then update programs when necessary?
“I’m a rookie network administrator. I sysprep my machines twice a year on a schedule. I’m thinking this time I should lock down the usual but also disable all updates from all software and Windows 7. When an update comes along that is worthy I can then update the machines individual. Last time I used GPO it uninstall all the programs instead of installing them. Very odd. I’ve heard it is “unsafe’ to not always update your OS but I’m thinking almost everything were using is web-based. What do you all think?
Note: I will always let AVG update. ”
FULL:
http://answers.yahoo.com/question/index;_ylt=AnyXcm_aRycJOo1WdNm9.Ksw5XNG;_ylv=3?qid=20120328130039AAzYR2o

This is very specific to your network usage in security and allowances. Anywhere from a Home Network all the way up to Home/Small Business (and anything in between) is indicated and you were not specific. Generally, I don’t know anyone that would give away this type consultation for free, as generally IT Security et al freelancing can start with a preliminary environment evaluation at price, (which is what I do) adding hourly flat fee starting at $150.00 and then a contract price for specific services rendered — which is apparently what you are seeming to ask for free – a Preliminary Environment Evaluation, or onsite impression of existing set up.

TIP: Basically as far as computer security, the general recommendations are all things up to date all the time. Security Updates are not eye candy. They are for specific necessary defense which left undone can cause a liability for you personally according to whatever the network usage is. SEE the infamous JiffyLube case whereby they were held responsible. That should put you in the right frame of mind and away from bad disingenuous advice.

TIP: Windows Updates have historically not been found at fault at all when applied when some programs/softwares may have been “broken”. This has been historically the software creator(s) fault – NOT Microsoft Windows Updates. That is one example of less than acceptable IT people that ignorantly always chronically blame Microsoft for all the “woes” that are, in reality, virtually always self made or lax third party softwares faults.

TIP: Security wise – ALL softwares are to be up to date ALL the time with vendor updates. Secunia PSI is excellent. Installed softwares are a “SOFT TARGET” for cyber criminal crimewares now to gain entry into the system or network.

Have Hardware Firewalls been activated additionally – and as well in modems ?

NOTICE: Security Updates via Windows Updates are ONLY sent out each Second Tuesday of the month (if any, usually are) which has been dubbed “Patch Tuesday”. If there is an Emergency Patch such as for a new “zero day threat” – these are issued as soon as ready – immediately – as an “OUT OF CYCLE PATCH” as an emergency patch.

IMPORTANT: It is difficult to determine your “twice yearly” updating mentioned as you did not give specifics. Try and be very particular and clear about items with detail. If you meant Windows Updates – well as you can see, and as you mentioned, you are definitely a “rookie network administrator ” as you say and the PCs in network are most likely in severe need of upgrading immediately.
If you meant OS (operating system) Upgrades twice yearly – that does not make sense as these Upgrades have been the releases of XP, Vista, Windows 7 and then 8 – as example and years apart, not occurring ” twice yearly”.

ADVICE: Considering cyber events as corporate “Blended Threats” , CEO type Phishing targeting, bots, I would re-evaluate your “security solution” mentioned as bi-yearly patching and AVG Business. There are a good handful of products well above in quality and documented defense such as Trend Micro for one. You can be polite to a mutt – but will it defend you as completely as a well trained thorough bred ? Or run away squealing and yelping ?

Source(s):
http://en.wikipedia.org/wiki/Group_Policy
http://support.microsoft.com/kb/302577

 

 

%d bloggers like this: