Matsuda Posted August 1, 2014 Share Posted August 1, 2014 Microsoft is making really big efforts to make its software more secure (or at least, that’s what the company is saying), so every month’s Patch Tuesday rollout addresses vulnerabilities in a wide array of products, including Windows, Internet Explorer, and Office.Redmond has recently fixed a vulnerability in Internet Explorer that was three years old, as it was found by the security researchers at VUPEN on February 12, 2011.Officially patched on June 17 as part of bulletin MS14-035, the glitch was disclosed by VUPEN at the Pwn2Own hacking event in March this year.“The vulnerability is caused due to an invalid handling of a sequence of actions aimed to save a file when calling ‘ShowSaveFileDialog()’, which could be exploited by a sandboxed process to write files to arbitrary locations on the system and bypass IE Protected Mode sandbox,” the security researchers explained.The Microsoft Security Bulletin MS14-035 was released to address two publicly disclosed vulnerabilities and 58 privately reported glitches in Internet Explorer, including the one discovered by VUPEN.“The most severe of these vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights,” Microsoft explained.“The security update addresses the vulnerabilities by modifying the way that Internet Explorer handles objects in memory, validates permissions, and handles negotiation of certificates during a TLS session.”The security flaw found by VUPEN affected pretty much all Internet Explorer versions on the market, including the old IE6 and the newly-launched IE11 which is part of Windows 8.1.Microsoft hasn’t shared any details regarding the number of exploits that could have involved the flaw found by VUPEN, but since it was reported via private channels, users have most likely been on the safe side until the company rolled out a patch.In case you’re wondering, VUPEN has a pretty good history on finding vulnerabilities at hacking competitions, as the company has until now raised no less than $300,000 (€225,000) for flaws found in Adobe Reader, Internet Explorer, Mozilla Firefox, and Adobe Flash, according to The Register. At this point, all Internet Explorer installations should be on the safe side if all security patches delivered via Windows Update are installed.Source: http://news.softpedia.com/news/Microsoft-Fixes-Three-Year-Old-Security-Flaw-in-Internet-Explorer-453112.shtml Link to comment Share on other sites More sharing options...
dMog Posted August 1, 2014 Share Posted August 1, 2014 (edited) internet explorer...what is that how do i find it on my computer...never heard of such a browser :lol:edit....spelling Edited August 1, 2014 by dMog Link to comment Share on other sites More sharing options...
shorty6100 Posted August 2, 2014 Share Posted August 2, 2014 (edited) It's almost impossible to NOT use it-at least on rare occasions. Ex.-whenever I get Facebook notifications, links open in IE. Another-Weatherbug links also open in IE. I have all defaults set to Pale Moon. Edited August 4, 2014 by shorty6100 Link to comment Share on other sites More sharing options...
dcs18 Posted August 2, 2014 Share Posted August 2, 2014 Facebook???What is that? Link to comment Share on other sites More sharing options...
LeeSmithG Posted August 2, 2014 Share Posted August 2, 2014 (edited) Facebook??? What is that? It's where faceless morons looking for cheap and easy sexual relationships hang-out, so Jeremy Kyle. I do not have a facebook account however 9 morons signed up accounts entering my unique emails. I changed the password and phoned the number they left as their contact details, ha ha. Back to the thread, I adore IE, always have done always will do, but, shame on M$ for not doing the fix sooner. Edited August 2, 2014 by LeeSmithG Link to comment Share on other sites More sharing options...
Nastrahl Posted August 3, 2014 Share Posted August 3, 2014 (edited) It's almost impossible to NOT use it-at least on rare ocassions. Ex.-whenever I get Facebook notifications, links opeen in IE. Another-Weatherbug links also open in IE. I have all defaults set to Pale Moon.You can uninstall it from Program & Features, then "Turn Windows features on and off" in the column on the right.Here, IE is just the fastest browser, and the only officially 64-bits supported, but lacks in add-ons/extensions. And for some unknown reasons, doesn't terminate its process on exiting. Edited August 3, 2014 by Nastrahl Link to comment Share on other sites More sharing options...
Recommended Posts