Message boards :
Number crunching :
Zero day IE vulnerability. Effects all OS's. XP users not to get a fix. - Update published
Message board moderation
Author | Message |
---|---|
HAL9000 Send message Joined: 11 Sep 99 Posts: 6534 Credit: 196,805,888 RAC: 57 |
If you are still using IE on your XP crunchers it would probably be a good time to find a new browser. "A new zero day vulnerability has been found to affect every version of Internet Explorer" See also MS SA 2963983 Other OS users should keep an eye out for a security update. SETI@home classic workunits: 93,865 CPU time: 863,447 hours Join the [url=http://tinyurl.com/8y46zvu]BP6/VP6 User Group[ |
Link Send message Joined: 18 Sep 03 Posts: 834 Credit: 1,807,369 RAC: 0 |
If you are still using IE on your XP crunchers it would probably be a good time to find a new browser. Currently this applies actually to all IE versions, not only those on Windows XP. The difference is, that Vista/7/8 users will get an update one day and XP users not. A good time to find a new browser was long time ago, around the time when IE6 was the current version and Microsoft didn't bother to improve it and Firefox 1.x came out. IE 10 and 11 are OK, but regardless of this current issue I wouldn't use IE8, which is the latest version available for WinXP. |
OzzFan Send message Joined: 9 Apr 02 Posts: 15691 Credit: 84,761,841 RAC: 28 |
Another zero-day vulnerability in Flash which threatens all users of Windows, Mac OS X, and Linux alike. |
BilBg Send message Joined: 27 May 07 Posts: 3720 Credit: 9,385,827 RAC: 0 |
At the moment I have Flash Player 13.0.0.182 (installed on 10.04.2014, both active_x and plugin) The current version now is 13.0.0.206 http://www.adobe.com/software/flash/about/ http://helpx.adobe.com/en/flash-player/release-note/fp_13_air_13_release_notes.html "April 28th, 2014 In today's release we are updating Flash Player with an important security update. We recommend users upgrade to this release." I don't know if this info means the fix for this vulnerability is already done in version 13.0.0.206 I like to get offline Flash Player clean installers by the links bellow (only the major version number need editing when they release e.g. version 14): Flash Player for Internet Explorer http://download.macromedia.com/get/flashplayer/current/licensing/win/install_flash_player_12_active_x.exe http://download.macromedia.com/get/flashplayer/current/licensing/win/install_flash_player_13_active_x.exe Flash Player for other browsers http://download.macromedia.com/get/flashplayer/current/licensing/win/install_flash_player_12_plugin.exe http://download.macromedia.com/get/flashplayer/current/licensing/win/install_flash_player_13_plugin.exe The flash_player_13 files have 'Signing time:' 19.04.2014 (active_x) and 21.04.2014 (plugin) which means the .exe was ready on this date (if it was ready 7-9 days ago why they needed a full week for testing before release?) Edit: They talk about CVE-2014-0515 which seems ;) not the same as CVE-2014-1776 from your link to arstechnica.com page http://helpx.adobe.com/security/products/flash-player/apsb14-13.html But this page seem to indicate the same problem from arstechnica (mentions Pixel Bender, Kaspersky, and written by Vyacheslav Zakorzhevsky) and calls it CVE-2014-0515 https://www.securelist.com/en/blog/8212/New_Flash_Player_0_day_CVE_2014_0515_used_in_watering_hole_attacks  - ALF - "Find out what you don't do well ..... then don't do it!" :)  |
HAL9000 Send message Joined: 11 Sep 99 Posts: 6534 Credit: 196,805,888 RAC: 57 |
If you are still using IE on your XP crunchers it would probably be a good time to find a new browser. Indeed. Which is why I mentioned it in the title & at the end of my post. A good time to find a new browser was long time ago, around the time when IE6 was the current version and Microsoft didn't bother to improve it and Firefox 1.x came out. IE 10 and 11 are OK, but regardless of this current issue I wouldn't use IE8, which is the latest version available for WinXP. It definably was, but so many people still cling to IE for some reason. IE still claims nearly 50% of the browser market share. SETI@home classic workunits: 93,865 CPU time: 863,447 hours Join the [url=http://tinyurl.com/8y46zvu]BP6/VP6 User Group[ |
James Sotherden Send message Joined: 16 May 99 Posts: 10436 Credit: 110,373,059 RAC: 54 |
Two of my 3 computers I just switched over to google chrome. The other one was was running it. So is adobe flash the weak point in this exploit? My daily driver, Which has a ton of bookmarks, I cant seem to import into chrome. Im sure that will make the wifey real happy. My two I7 3770 can stay on chrome, They only get used for crunching and when the grandkids come over. Nobody likes to change in mid stroke. When a fix is done I will go back to IE on this Vista daily driver. Only for the sake of peace in the house. And to be honest I never have had any problems with any version of IE. [/quote] Old James |
Cosmic_Ocean Send message Joined: 23 Dec 00 Posts: 3027 Credit: 13,516,867 RAC: 13 |
A good time to find a new browser was long time ago, around the time when IE6 was the current version and Microsoft didn't bother to improve it and Firefox 1.x came out. Agreed. I held onto 2000 Pro until around the time Vista came out, and then finally moved up to XP, and the one and only time I used IE in XP: to pull up getfirefox.com. Linux laptop: record uptime: 1511d 20h 19m (ended due to the power brick giving-up) |
Bernie Vine Send message Joined: 26 May 99 Posts: 9954 Credit: 103,452,613 RAC: 328 |
For those of you who like things just a little more secure, have a look at these Comodo Dragon based on chrome. OR Ice Dragon based on Firefox These are the only browsers I use these days. |
TBar Send message Joined: 22 May 99 Posts: 5204 Credit: 840,779,836 RAC: 2,768 |
Look at that, AntiVirus for Ubuntu... Virus Protection - Comodo Antivirus for Linux First one I've seen. Although I really haven't been looking. They also have a Free AntiVirus for all Windows Except XP, you have to PAY for XP AntiVirus. I wonder if it's better than AVG. |
BilBg Send message Joined: 27 May 07 Posts: 3720 Credit: 9,385,827 RAC: 0 |
... and the one and only time I used IE in XP: to pull up getfirefox.com The problem is some stupid programs start IE despite you have other browser set as default (but this is rare, happens 1-2 times a year so I don't remember which programs do that) Â - ALF - "Find out what you don't do well ..... then don't do it!" :) Â |
BilBg Send message Joined: 27 May 07 Posts: 3720 Credit: 9,385,827 RAC: 0 |
Look at that, AntiVirus for Ubuntu... Of course there are other: https://help.ubuntu.com/community/Antivirus http://www.makeuseof.com/tag/free-linux-antivirus-programs/ http://www.eset.com/me/home/products/antivirus-linux/?productdd=1 http://www.kaspersky.com/product-updates/linux-file-server-antivirus  - ALF - "Find out what you don't do well ..... then don't do it!" :)  |
HAL9000 Send message Joined: 11 Sep 99 Posts: 6534 Credit: 196,805,888 RAC: 57 |
A good time to find a new browser was long time ago, around the time when IE6 was the current version and Microsoft didn't bother to improve it and Firefox 1.x came out. A slightly safer way to download your preferred alternative browser if you like. You can stuff that into a command line ftp script if you like as well: open ftp.mozilla.org anonymous binary cd pub/firefox/releases/21.0/win32/en-US/ get "Firefox Setup 21.0.exe" Then you just have to type "ftp -s:get_ff.txt" & a few seconds later you have it ready to install. SETI@home classic workunits: 93,865 CPU time: 863,447 hours Join the [url=http://tinyurl.com/8y46zvu]BP6/VP6 User Group[ |
OzzFan Send message Joined: 9 Apr 02 Posts: 15691 Credit: 84,761,841 RAC: 28 |
Does that anonymous login have a password or is it blank? Also, I notice you elevated your CMD session... is that required or can you run CMD, CD into your Downloads folder and download it there? |
HAL9000 Send message Joined: 11 Sep 99 Posts: 6534 Credit: 196,805,888 RAC: 57 |
Does that anonymous login have a password or is it blank? Also, I notice you elevated your CMD session... is that required or can you run CMD, CD into your Downloads folder and download it there? Anonymous is normally a blank password. Sometimes a server may require something like an e-mail address for a password where you can normally just use something like nobody@home.net so it matches the pattern. I am unsure if an elevated command line is required. I choose to be unsafe & disable UAC. It may work non-elevated. If not then it is probably required. SETI@home classic workunits: 93,865 CPU time: 863,447 hours Join the [url=http://tinyurl.com/8y46zvu]BP6/VP6 User Group[ |
OzzFan Send message Joined: 9 Apr 02 Posts: 15691 Credit: 84,761,841 RAC: 28 |
Ah ok. I usually use "ftp -A" when using non-password protected anonymous logins. |
Thomas Send message Joined: 9 Dec 11 Posts: 1499 Credit: 1,345,576 RAC: 0 |
|
Sami Send message Joined: 12 Aug 99 Posts: 38 Credit: 12,671,175 RAC: 4 |
The problem is some stupid programs start IE despite you have other browser set as default (but this is rare, happens 1-2 times a year so I don't remember which programs do that) Boinc is one of those programs. I have SeaMonkey as a default browser but Boinc still starts IE. Or is this Win 8.1 issue? |
James Sotherden Send message Joined: 16 May 99 Posts: 10436 Credit: 110,373,059 RAC: 54 |
The problem is some stupid programs start IE despite you have other browser set as default (but this is rare, happens 1-2 times a year so I don't remember which programs do that) All 3 of my crunchers start in chrome. Edit Im running two with Win 7 And one in Vista. [/quote] Old James |
OzzFan Send message Joined: 9 Apr 02 Posts: 15691 Credit: 84,761,841 RAC: 28 |
I have SeaMonkey as a default browser but Boinc still starts IE. Or is this Win 8.1 issue? There are two different zero-day exploits: one for IE (all versions from 6 to 11) and one for Adobe Flash. BOINC simply calls the default browser as specified by the OS. Some browsers don't properly set themselves as default. To make sure your browser is set properly, click on Start -> Default Programs -> Set Program Access and Computer Defaults, then expand the custom section, look for the "Choose a default web browser:" and make sure the correct one is selected there (don't just leave it on "Use my current web browser"). Once this is done, the correct web browser will be launched by BOINC (or rather by the OS, which is making the call). |
Sami Send message Joined: 12 Aug 99 Posts: 38 Credit: 12,671,175 RAC: 4 |
I have SeaMonkey as a default browser but Boinc still starts IE. Or is this Win 8.1 issue? Not sure where to go (I use Finnish version of Windows), but I did find place to change the settings. Boinc now uses SeaMonkey. Thanks. |
©2024 University of California
SETI@home and Astropulse are funded by grants from the National Science Foundation, NASA, and donations from SETI@home volunteers. AstroPulse is funded in part by the NSF through grant AST-0307956.