ALERT: Serious Internet Explorer Flaw Discovered - Comments Page 1

I've read in other articles that Microsoft has known of this vulnerability for some time, and has quietly been ignoring it. I can't say whether that's true or not, but it seems to me, that with MS having as many coders on staff as they do, if they weren't aware of it, then they just weren't paying attention.

Since IE6. Really? Way to go Redmond.

Mr. Rankin!

How Timely!

I sent the warning to ALL of my contacts LAST Evening using an article from CNET.com
(Had I seen yours sooner of course I would have sent THIS very article)

My family and friends who have an Apple computer merely Sneered at me when I indiscriminately sent this Extremely Important message to them!
(Not to worry [and I ain't gloating here] . . . I am sure the Safari browser will be targeted in the not-too-distant future)

intelligencia

I read about this exploit yesterday but the Yahoo! article did not go into any technical details so I have a couple questions.

Even though I haven't used IE for many years, and it's not my default browser, does this mean that it is still at risk?

Does IE have to be running on my Windows OS and used in order to be a risk?

Would my Linux partition also be at risk or does the threat only affect the Windows operating systems?

Can data on a Linux partition be vulnerable or compromised through the Windows environment?

EDITOR'S NOTE: You are only at risk if you actually use IE . Merely having it on your computer is not a problem.

And yes, data on a Linux partition could be vulnerable, if the partition is accessible via a Windows drive letter.

People still use Internet Explorer?

Great help sugestions. Thanks

Bob
Heard about the IE problem but up till now, never paid much attention. Have not had a problem but.... your latest e-mail just caught my attention. Thanks for the heads up and for the easy to understand explanation plus the great info and assistance websites. I(We) do appreciate your insight and advice freely given for the past "20" years. Wow, that is a long time.

How can you tell if this is already a problem on your computer?

EDITOR'S NOTE: If you have and use Internet Explorer, it's affected. If you use an alternate browser, you're okay, even if IE is present.

I received a Microsoft download yesterday April 29. Could that have been the Internet Explorer Security Patch that you are describing in this article? I hope there is some notice on the internet when the patch is completed.

EDITOR'S NOTE: I know there was an Adobe Flash patch on Monday, which plugs one specific hole related to this problem. But it doesn't fix the underlying IE flaw. Other exploits related to the flaw have already surfaced.

For what it's worth, a "security update" for Internet Explorer 11 came out on Monday and it would be wise for anyone who has that program installed to update it...whether they use IE or not, since other Microsoft programs sometimes use it in the background. It's unclear whether M$ will yield to pressure and issue security updates for older versions of IE but it seems like sheer common sense to use something else.

While no software is 100% safe from potential exploits, both Chrome and Firefox tend to be faster at responding to threats and allow more useful settings and add-ons to block sources of vulnerability. I disable ActiveX, use Flashblock and NoScript to give me control over what runs automatically, etc., and keep everything including antivirus and firewall checking for updates every time I go online.

It's been said that the average new Windows computer is infected within 20 minutes of accessing the Internet (presumably with IE) but I've been using this netbook for two years without incident, since any incoming malware gets stopped before it can run.

A Bob Rankin fan since I got online as a newbie in the early 1990s thanks to the "Tourbus."

EDITOR'S NOTE: I am not aware of any Microsoft patch the addresses this problem.

Security expert Steve Gibson published a fix for this.

http://steve.grc.com/2014/04/28/a-quick-mitigation-for-internet-explorers-new-0-day-vulnerability/

EDITOR'S NOTE: That's the same fix as I mentioned in the Sophos link.

Bob. The advice to simply 'not use' IE is okay, but some sites, including Windows own automatic updates use it as the default. Even if you normally use another browser.

Why not remove it all together? Because it is so interwoven into the 'guts' of Windows that this could cause all sorts of problems.

But it is possible to disable it, in the settings menu, so it can't just be triggered accidentally. I did this a week ago - Opera is my favoured browser - and haven't noticed any problems since.

Information about how to do this is available on the web, and it only takes a few minutes.

http://windows.microsoft.com/en-gb/windows/how-to-turn-internet-explorer-off

Gyppo

How can I safely download Mozilla Firefox without using IE? If someone downloads the installation file and sends it to me in email or Skype, can I put that on my computer and run it? Thank you for your constant and generous help.

EDITOR'S NOTE: It's safe to download Firefox via IE. The flaw can only be exploited by visiting a compromised website.

To be clear - just using IE does not put you at risk. You still have to click on a link on a compromised website.

So if you were only using it on known good links you would be safe (which is why using it to download Chrome or Firefox is safe).

However if you casually surf or use Facebook or other sites where people post links that you might follow - you absolutely should not be using it for that kind of behaviour.

http://recode.net/2014/04/27/new-vulnerability-hits-internet-explorer-and-its-serious/

Hi Bob,

Thank you for another one of your invaluable posts!
FWIW, I despise Microsoft. The best description I can assign to them is, arrogance and incompetence in action.

Is the danger still there if IE is used by an "regular User" account that does NOT have administrative privileges?

EDITOR'S NOTE: To the best of my knowledge, yes. What I read said that an attacker could assume the same privileges as the affected user.

Hi, is it safe to import my favorites list into firefox? I didn't do it, but it would make my life much easier! Thanks! Couldn't survive without your information!

EDITOR'S NOTE: Yes, that's safe.

Can one just delete the IE off their computor? Since it has internet options etc, is that part of IE?

EDITOR'S NOTE: Because Internet Explorer is a Windows feature, you can't uninstall it. But there's no need anyway, just don't use it.

Since FireFox V29.0 was just released this week, it may be an opportune time to install it in your system. But you also should spend some time to customize it with some "Add-Ons" and "themes" to truly make it a very robust browser. After all, you don't walk out of the house in your skivvies and without some protective add-ons, FireFox is really in the buff!

I understand the risk of using Windows XP now that it is no longer supported, and in fact I persuaded my daughter to get a new computer a month ago for just that reason, but I don't see what this problem has to do with Windows XP. Presuming that Microsoft gets around to fixing the problem and issues a new safer version of Internet Explorer, why can't XP users just install that new IE version to protect themselves against this exploit?

EDITOR'S NOTE: IE8 is the latest version of IE that you can install on XP. And IE8 is not going to be patched, at least not for XP.

Hi Bob, Virus scan like Avast (free edition) is it capable to detect this flaw and fix it?

EDITOR'S NOTE: As I understand the facts, no.