Microsoft rushes out software fix to prevent browser attacks

Microsoft rushes out software fix to prevent browser attacks

Download here ....

Microsoft Security Advisory: Vulnerability in Internet Explorer could allow remote code execution

 

It's a vulnerability in IE - whether or not that will be relevant if you use another browser I don't know.

I ran the Fixit with no issues - I would suggest you do the same.

 

No. It's not a Windows security vulnerability, it's an IE problem. Other browsers are not affected. The vulnerability has to do specifically with how IE handles objects in memory.

What that means is this (very simplified explanation):

Let's say you visit a Web page that uses javascript, most all sites use it today. Javascript is a programming language and Web pages can use it to do certain things such as dynamically changing content on the page (changing content on-the-fly). You see this in advertisements on pages.

In object oriented programming, every action or referenced thing in a block of code is referred to as an Object. Every item on a Web page can be considered an object too, e.g. paragraph of text, image, ad, video, etc. In object oriented programming, blocks of code are re-usable.

When javascript is executed in a Web page it is occurring in YOUR computer's memory. Objects can be stored in that memory for later use at a Web site and objects can be deleted from that memory using additional javascript. This is temporary storage of references to the things on a Web page, e.g. ads that have been displayed so far, images that have been displayed, etc., even your mouse and keyboard actions can be stored.

When you leave that Web site or close the browser, the stored objects are gone.

The vulnerability has to do with how IE handles deleted objects in memory. A Web page can be crafted using javascript or other programming language which exploits the vulnerability and gives the attack Web page the same privileges as the current user. If you have the capability of installing software then so will the attack site. It could force install malware on your computer.

The caveat is that you must be enticed to click a link that leads to an attack site. Such links are available in email messages, instant messages, search page results, etc.

Thus, if you do not install the MS Fix, and if you use a different browser than IE, make sure that browser is set as the default browser, else clicking a link in email could open IE.

 

If an app is using IE for its streamed ads then definitely update IE. Cookies are OK to have enabled, just set IE to block 3rd party cookies and you won't get those messages/alerts.

Internet Options > Privacy tab > Advanced button > Override auto cookie handling > Block third-party cookies > OK button > Apply button.