mersenneforum.org  

Go Back   mersenneforum.org > Extra Stuff > Soap Box

Reply
 
Thread Tools
Old 2012-06-16, 17:41   #1
cheesehead
 
cheesehead's Avatar
 
"Richard B. Woods"
Aug 2002
Wisconsin USA

1E0C16 Posts
Default "Attention all Windows users: patch your systems now"

Yesterday and again a few hours ago, an anti-virus scan of my system found and repaired what might have been the results of an exploit of the bug that is the subject of the following article. AVG Anti-Virus Free Edition found and fixed "corrupted" code in three IE modules (SymantecPlugin[1].dll, UniblueDriverScannerPlugin[1].dll and GooglePlugin[1].dll). This is the first time in several years that any anti-virus software I've used has found an actual problem on my system.

I had not applied the latest Windows patches, which Microsoft posted Tuesday, until last night.

"Attention all Windows users: patch your systems now"

http://arstechnica.com/security/2012...ers-patch-now/

Quote:
Online attackers are actively exploiting a vulnerability in Internet Explorer that allows them to execute malicious code on computers that visit booby-trapped websites, researchers said in an advisory that underscores the importance of installing a Microsoft patch as soon as possible.

The exploit of a critical IE bug, reported by researchers from antivirus provider McAfee, means there are two newly disclosed vulnerabilities in Microsoft products under attack. On Tuesday, Microsoft warned of a separate vulnerability in all supported versions of Windows that was also actively being exploited.

The most immediate significance of the McAfee report is this: If you run Windows and haven't installed Tuesday's batch of security fixes, you should stop whatever else you're doing and run them now.

. . .

Last fiddled with by cheesehead on 2012-06-16 at 17:43
cheesehead is offline   Reply With Quote
Old 2012-06-16, 17:45   #2
firejuggler
 
firejuggler's Avatar
 
"Vincent"
Apr 2010
Over the rainbow

1011000111012 Posts
Default

IE? which self-respecting Internet user still use it? (beside corporation?)
firejuggler is offline   Reply With Quote
Old 2012-06-16, 17:47   #3
science_man_88
 
science_man_88's Avatar
 
"Forget I exist"
Jul 2009
Dumbassville

2·5·839 Posts
Default

Quote:
Originally Posted by cheesehead View Post
Yesterday and again a few hours ago, an anti-virus scan of my system found and repaired what might have been the results of an exploit of the bug that is the subject of the following article. AVG Anti-Virus Free Edition found and fixed "corrupted" code in three IE modules (SymantecPlugin[1].dll, UniblueDriverScannerPlugin[1].dll and GooglePlugin[1].dll). This is the first time in several years that any anti-virus software I've used has found an actual problem on my system.

I had not applied the latest Windows patches, which Microsoft posted Tuesday, until last night.

"Attention all Windows users: patch your systems now"

http://arstechnica.com/security/2012...ers-patch-now/
thanks for the heads up I'm still not sure what I can do about it scanning now and don't use IE but I have it so I might want what they have in case.
science_man_88 is offline   Reply With Quote
Old 2012-06-16, 17:48   #4
cheesehead
 
cheesehead's Avatar
 
"Richard B. Woods"
Aug 2002
Wisconsin USA

22·3·641 Posts
Default

Quote:
Originally Posted by firejuggler View Post
IE? which self-respecting Internet user still use it? (beside corporation?)
If I want to download Windows patches, but I don't want to wait for the automatic background download, I have to use IE to go to the Microsoft Update site, which won't accept Firefox.

Added:

Once in a while, after I've downloaded the latest fixes, I stray from my usual discipline of immediately disconnecting (so that I don't use IE for any site other than Microsoft Update) and bring up some other website. This is a bad habit of mine, and may have been what allowed the invasion.

Also, once in a while some software package I'm using insists on invoking IE when I'm checking for updates. My policy is to shut that IE instance down ASAP, but sometimes I stray.

I credit my usual online discipline for not having had infections very often, but I'm not perfect.

Last fiddled with by cheesehead on 2012-06-16 at 18:05
cheesehead is offline   Reply With Quote
Old 2012-06-16, 17:49   #5
ewmayer
2ω=0
 
ewmayer's Avatar
 
Sep 2002
República de California

2DDA16 Posts
Default

Guess it's a good thing I never touch IE, then.

Of course there are many websites which are IE-only in terms of functionality. My former workplace had many internal pages like this, but if they left themselves open to this kind of stuff, it was their employees' work PCs that were the potential victims, which serves 'em (the company, not the employees) right.
ewmayer is offline   Reply With Quote
Old 2012-06-16, 17:59   #6
retina
Undefined
 
retina's Avatar
 
"The unspeakable one"
Jun 2006
My evil lair

7·937 Posts
Default

Quote:
Originally Posted by cheesehead View Post
AVG Anti-Virus Free Edition found and fixed "corrupted" code in three IE modules (SymantecPlugin[1].dll, UniblueDriverScannerPlugin[1].dll and GooglePlugin[1].dll).
Some notes:
  1. How do you know the AV is correct? How would you know if it was a false positive?
  2. All those files are not core IE files, they are plugins that you have installed. Others may not even have such plugins so no reason to panic.
  3. If you did really get infected by surfing then I would expect your surfing habits are quite different from other's habits so many others may have no reason to panic.
  4. I haven't use IE for a very long time now, and I expect many others also never touch IE either, so again no need for them to panic.
  5. These vulnerabilities are almost always related to JS so for those of use that don't run JS there is no reason to panic.
retina is offline   Reply With Quote
Old 2012-06-16, 18:15   #7
cheesehead
 
cheesehead's Avatar
 
"Richard B. Woods"
Aug 2002
Wisconsin USA

22·3·641 Posts
Default

Quote:
Originally Posted by retina View Post
Some notes:
  1. How do you know the AV is correct? How would you know if it was a false positive?
  2. All those files are not core IE files, they are plugins that you have installed. Others may not even have such plugins so no reason to panic.
  3. If you did really get infected by surfing then I would expect your surfing habits are quite different from other's habits so many others may have no reason to panic.
  4. I haven't use IE for a very long time now, and I expect many others also never touch IE either, so again no need for them to panic.
  5. These vulnerabilities are almost always related to JS so for those of use that don't run JS there is no reason to panic.
1a. The other AV doesn't find a problem in the first AV.

1b. I probably wouldn't unless some particular odd detail caught my eye.

2a. I've never voluntarily installed a plugin to IE by myself. The only things I've deliberately done to IE are to install the Microsoft patches. I don't know whether IE includes some plugins by default, or whether some Microsoft patch added an IE plugin. Also, some other software may, as part of its installation, have installed an IE plugin without asking my explicit permission or notifying me.

2b. (See 3b)

3a. I try, but I'm not perfect in my security habits. OTOH, the last time I found anything like this on my system was ... before 2003 ... so I consider it notable, but make no insistence that anyone else do so.

3b. You're the one mentioning panic, not me.

4. (See 3b)

5. (See 3b)

Last fiddled with by cheesehead on 2012-06-16 at 18:24
cheesehead is offline   Reply With Quote
Reply

Thread Tools


Similar Threads
Thread Thread Starter Forum Replies Last Post
[Patch] "Test/Primenet" prompts improvements on console version Explorer09 Software 2 2017-03-09 04:14
newPGen "Data Execution Prevention" on Windows Server R2 2012 MisterBitcoin Software 4 2017-02-21 15:50
"Start at Bootup" option didn't work on Windows XP machine? ixfd64 Software 1 2014-12-31 17:14
Is it worth the trouble to "upgrade" Windows 8 to Windows 7? ixfd64 Lounge 23 2013-04-13 11:12
"Trusted" CPU/users davieddy PrimeNet 7 2011-11-09 19:49

All times are UTC. The time now is 17:51.


Sun Aug 14 17:51:54 UTC 2022 up 38 days, 12:39, 2 users, load averages: 1.33, 1.32, 1.15

Powered by vBulletin® Version 3.8.11
Copyright ©2000 - 2022, Jelsoft Enterprises Ltd.

This forum has received and complied with 0 (zero) government requests for information.

Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.2 or any later version published by the Free Software Foundation.
A copy of the license is included in the FAQ.

≠ ± ∓ ÷ × · − √ ‰ ⊗ ⊕ ⊖ ⊘ ⊙ ≤ ≥ ≦ ≧ ≨ ≩ ≺ ≻ ≼ ≽ ⊏ ⊐ ⊑ ⊒ ² ³ °
∠ ∟ ° ≅ ~ ‖ ⟂ ⫛
≡ ≜ ≈ ∝ ∞ ≪ ≫ ⌊⌋ ⌈⌉ ∘ ∏ ∐ ∑ ∧ ∨ ∩ ∪ ⨀ ⊕ ⊗ 𝖕 𝖖 𝖗 ⊲ ⊳
∅ ∖ ∁ ↦ ↣ ∩ ∪ ⊆ ⊂ ⊄ ⊊ ⊇ ⊃ ⊅ ⊋ ⊖ ∈ ∉ ∋ ∌ ℕ ℤ ℚ ℝ ℂ ℵ ℶ ℷ ℸ 𝓟
¬ ∨ ∧ ⊕ → ← ⇒ ⇐ ⇔ ∀ ∃ ∄ ∴ ∵ ⊤ ⊥ ⊢ ⊨ ⫤ ⊣ … ⋯ ⋮ ⋰ ⋱
∫ ∬ ∭ ∮ ∯ ∰ ∇ ∆ δ ∂ ℱ ℒ ℓ
𝛢𝛼 𝛣𝛽 𝛤𝛾 𝛥𝛿 𝛦𝜀𝜖 𝛧𝜁 𝛨𝜂 𝛩𝜃𝜗 𝛪𝜄 𝛫𝜅 𝛬𝜆 𝛭𝜇 𝛮𝜈 𝛯𝜉 𝛰𝜊 𝛱𝜋 𝛲𝜌 𝛴𝜎𝜍 𝛵𝜏 𝛶𝜐 𝛷𝜙𝜑 𝛸𝜒 𝛹𝜓 𝛺𝜔