Stop using Microsoft's IE browser until bug is fixed

http://www.poi-factory.com/node/42494

There, I fixed the title for you and also made it shorter.

I stopped using IR when Firefox first came out. There is no reason to ever use it. In fact, I have my firewalls set up to not allow it access to the Internet. Occasionally some software does try to "call home" and send something from my computer using IE, but that just doesn't happen, IR can't get out.

I did have one bank that had their on-line banking software set up to only use IE. I asked them why they insisted that I use the most insecure browser out there to access my account. They couldn't give a good answer. The issue was easily resolved, my new bank had no such problem.

And coming on top of the XP stories, it makes you wonder about Microsoft altogether!

and with the number of recalls and lawsuits against Toyota, GM and Ford lately it makes you wonder about those companies as well.

This bug will never be fixed for XP because XP is no longer supported and there will be no more NEW windows updates for it.

I'm not using IE since times of Netscape Navigator. Anybody remembers it? As old proverb says: IE is good only to download any other browser. Or: IE is browser to search Internet from your computer and vice versa.

Recently I have to use IE at work (SharePoint database requirement) and it is making problems with update to version 7 or higher. And nobody can tell what's wrong. Even Microsoft people.

Users may be able to manually apply IE patch when MS releases the patch for Vista, 7, 8.

Thanks for the heads up.

This is scary stuff.......

It's amazing the things these hackers can do.

There are several companies paying MS to continue support for XP so they would get a fix. It just won't be available to those that are not paying for extended support.

It is my understanding that this bug only impacts IE 9 and later, and that IE 8 was the last one to work on XP. I simply refuse to use IE or even let it get through my firewall, so I have not followed this closely; but if that understanding is correct it is a non-issue for those of us who choose not to replace XP with the more problem riddled newer versions. (And to those who know better than use IE at all.)

It affects IE 6 through 11 but the attacks are targeting IE9 through IE11. It is a non issue for IE8 on WinXP users at the moment but it will definitely change (if it has not already). Flash player also plays a role in successful attacks. Exploit fails if Flash plugin is disabled or not installed.

Thanks

Check with update I believe a fix is out, going there now.

Update: I just applied the fix from Microsoft.

http://bit.ly/1heCSUD

Bobby likes! LOL!

It's even better, Microsoft releases update for Windows XP despite its out of support status.

http://blogs.technet.com/b/msrc/archive/2014/05/01/out-of-ba...

I'm running XP and 10 minutes ago MS pushed the IE8 fix to my PC

Microsoft released the security update this morning to fix this vulnerability.

"Security Update for Internet Explorer 11 for Windows 7 (KB2964358)

Installation date: ‎5/‎2/‎2014 3:53 AM

Installation status: Successful

Update type: Important

A security issue has been identified in a Microsoft software product that could affect your system. You can help protect your system by installing this update from Microsoft. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article. After you install this update, you may have to restart your system.

More information:
http://support.microsoft.com/kb/2964358

Help and Support:
http://support.microsoft.com"

11.0.7
I just had a Windows update and it was for IE.
I now have 11.0.7 IE

I use Chrome but my husband still uses IE.

has this vulnerability been out there?

Yikes!!!!

Since IE6.

It seems these critical problems are happening faster and faster.

Maybe news reports and awareness of the general public is more common, but this has been going on for a long time. And actually as people become more aware, they are more judicious about keeping patches and protection updated, so the ability for attackers to succeed becomes more difficult. Who remembers the "Love Bug" attack? I sure do .., I think it was back in the early 2000's. Back then there were millions of unprotected computers that weren't behind a firewall and didn't even have virus protection. I worked for an organization that was vulnerable at that time, and I remember after hearing the news reports, I immediately went to the server room and pulled the power plugs on our email servers to prevent infection. My bosses and our customers were livid at the time that I disrupted services without their authorization. A day later when the extent of the damage was revealed in news reports, I was a hero. And that incident is what gave me the credibility to justify the expense of a firewall and organization wide virus protection.

So I will argue with your assertion that these attacks are more prevalent. Smarter attacks, better reporting and more awareness, yes, but critical problems faster and faster, no.

Seriously? Why pulled the power plugs? Intentionally crashing servers without proper shutdown is not a smart move. You could've just unplugged your broadband connection (or the ethernet wire) or turn off the modem. I'd do whatever it takes but I would never intentionally crash a server. Btw, I did not shut down anything but I didn't get hit at all.

I used Explorer for a long time, all of a sudden I would have problems with sites I use a lot (Jet Blue)
I could get into the site but not check flights. I switched to Google Chrome and the problem went away.
It is also a lot faster and easier to use.
I thought it was my laptop but it is brand new with Windows 7 pro.
I started to wonder when I could go into the site and check flights with a Android tablet.
I also had a problem with MSN not letting me into my E-mail. It would ask me security questions I never set up
(15) years ago. It took me a month to get that straight. God bless Microsoft!

This isn't a surprise, MS is in full CYA mode right now. A vulnerability this extensive is a huge black eye, and they'd want it behind them ASAP.

I am not sure you could characterize Microsoft's response as "CYA". A security breach was identified that extended back to previous operating systems that are still in use. Microsoft provided a fix. In my opinion that's just good corporate policy, not a CYA response.

Let's say you were a big car company and you were actually aware of a problem for a decade... but decided not to fix it. Then, when the problem becomes public knowledge, you claim "That was then - this is now".

THAT is CYA!

I received and installed the IE update, Security Update for Internet Explorer 11 for Windows 7 for x64-based Systems (KB2964358), on 5/2/14.

After reading an above post that Microsoft had released a new update for Windows XP, I connected my old laptop and installed Security Update for Internet Explorer 8 for Windows XP(KB2964358) as well.

I barely use the laptop anymore for anything but I've tried to keep the security up to date. Rarely do I ever connect it to the Internet except for receiving Windows and antivirus/anti-spyware security software updates.

Wonderful

The only reason IE is on my computer is, it is an integral part of Windows. If there is a reliable way to get rid of it I would.

Many years ago I used the Opera Browser but a few years ago I switched to Mozilla Firefox.

The next best thing to getting rid of it is to block it in your firewall, assuming that you are using a decent software firewall and not the "firewall" provided by Microsoft. And while IE may be hard to truly rid yourself of, the Microsoft firewall is not.

Not really getting rid of it. To disallow IE or any Windows components that uses IE from accessing the internet, give it an invalid proxy (Internet Properties - Connections - LAN settings - Use a proxy server for your LAN). I set mine to 0.0.0.0

This approach is for Firefox users. It becomes a problem for Chrome users because Chrome uses IE proxy settings. Firefox does not depend on IE settings.

In the meantime, I hope you discovered the many advantages and read about the much improved security provided by the other browsers like Firefox, Chrome etc. and continue to use them instead of going back to Internet Explorer which is a terrible old piece of software full of more bugs yet to be discovered.

I actually haven't seen anyone give any good reason to use that piece of junk. The people who use it seem to do so because it came on their computer and they don't realize there are other options, or are too lazy to even look at the other options. On the other hand, every non-technical friend that I've helped switch has stayed switched and not gone back.

Why us IE, when Firefox, or Chrome is much better?? I havent used IE hardly at all in probably 5 years. Only time I did, was because it had a favorites shortcut I hadnt moved or saved elsewhere.

I don't recall the last time I used it on my home computer, BUT on the company laptop they feed a lot of things through it and I have no choice.

I have been using Opera for many years, and have no plans to change. Every time that I have seen an independent rating of the security of various browsers, Opera has been at the top of the list, and it does everything that *I* am looking for in a browser. YMMV.

- Tom -

I quit using IE because there are no updates for it if you run Windows Vista...That is what I currently run so I have switched to Chrome.

Yikes. You are a very bold individual...

I am also running Vista. Why are we bold? I have not had any problems with it, but should I be looking for something?
Just asking, not trying to start anything.

Have had zero problems with Vista..Chrome is great... much better than IE9. Try it, you might just like it...

Not with many programs, but with a bunch of the software we tried to get running at my current job. It was just a nightmare. Healthcare is a special niche, I guess. I recall getting service packs installed was a bear... But this is all tangential to the original thread.

I would upgrade to windows 8.1 but many of my programs will not work and I would have to do a hard install and have to reload all of my data. Not worth it right now. Would get 7 but can't find any upgrades. With 7 it saves everything when you do the upgrade.

Hasn't that bug been fixed a bit ago?

A lifetime in the new electronic age....

Yes but another bug has just been publicly disclosed:

Microsoft Internet Explorer CMarkup Use-After-Free Remote Code Execution Vulnerability
http://zerodayinitiative.com/advisories/ZDI-14-140/

No fix for IE8 on WinXP.

I don't use IE and haven't for some time, but I am still receiving updates from Microsoft for XP. (Two since they announced the Windows Update security releases for XP were discontinued.)