Windows 10: Temporary micropatch available for zero-day Windows exploit

Discuss and support Temporary micropatch available for zero-day Windows exploit in Windows 10 Updates and Activation to solve the problem; "A publicly disclosed Windows zero-day vulnerability could allow attackers to take full control of systems once they compromise a low-privilege..." Discussion in 'Windows 10 Updates and Activation' started by hello10, Jan 20, 2019.

  1. hello10 Win User

    Temporary micropatch available for zero-day Windows exploit

    hello10, Jan 20, 2019
    #1
  2. Wottle Win User

    IE10 zero day exploit and mobile browser

    New Windows Phone user here. I read about this IE10 zero day and wondered if it could affect me.



    New zero-day bug in IE 10 exploited in active malware attack, MS warns (updated)



    Is it safe to say that because Windows Phone uses the mobile version of IE10 it isn't affected by this as the desktop version of IE10 would be?
     
    Wottle, Jan 20, 2019
    #2
  3. Borg 386 Win User
    Cisco zero-day exploited in the wild to crash and reload devices


    https://tools.cisco.com/security/cen...asaftd-sip-dos

    Cisco zero-day exploited in the wild to crash and reload devices | ZDNet
     
    Borg 386, Jan 20, 2019
    #3
  4. Temporary micropatch available for zero-day Windows exploit

    Internet Explorer hit by zero-day exploit, temporary fix issued

    Microsoft is urging users of Internet Explorer to download a free security tool, the Enhanced Mitigation Experience Toolkit (EMET), as an interim measure against a previously unknown zero-day exploit in its web browser software that is under active malware attack by hackers.

    Eric Romang, a researcher in Luxembourg, discovered it on Friday after finding his computer infected by the Poison Ivy Trojan, used by hackers to gain remote access to their victims' computers to steal data. According to Romang, further analysis revealed it got onto his computer via a flaw in Internet Explorer.

    Poison Ivy exploits a “use-after-free vulnerability” in IE that enables a hacker to create an image URL referencing uninitialized memory. This corrupts the memory and once completely executed gives the attacker remote access with the same permissions as the current user.

    The vulnerability affects computers running all versions of Internet Explorer from IE6 to IE9, on every single OS release since Windows XP right through to Windows 7 and Server 2008. Interestingly though, Microsoft’s IE 10 running on Windows 8 and Server 2008 are not affected according to Microsoft’s Security Advisory.

    “What may be most worrying is that Windows Vista and 7 don’t protect you,” said HD Moore, CSO of security firm Rapid7, and the chief architect of the Metasploit tool kit, used widely by penetration testers and hackers. “This is one of the few times that a vulnerability has been successfully exploited across all the production shipping versions of the browser and OS. The surprising thing about this is the fact they (Metasploit researchers) got [it] to work across every one of these platforms.”

    The flaw could be sidestepped by upgrading from Oracle’s Java Standard Edition 6 to the newer Java Standard Edition 7 version, though this is not recommended as there is another critical flaw that Oracle hasn’t yet acknowledged or patched in Java 7 Update 7, which could allow an attacker to take control of the computer, according to Ars Technica.

    The interim fix using EMET will likely prove complicated for many, especially businesses who may suffer adverse effects with existing software used on their networks. Because of this, security firms such as Symantec recommend computer users switch to an alternative browser like Chrome or Firefox, at least until Microsoft releases a permanent fix to plug the exploit.

    http://www.techspot.com/news/50193-...by-zero-day-exploit-temporary-fix-issued.html
     
    micropage7, Jan 20, 2019
    #4
  1. Temporary micropatch available for zero-day Windows exploit - Similar Threads - Temporary micropatch available

  2. Windows 10 zero-day exploit code released online

    in Windows 10 News
    Windows 10 zero-day exploit code released online: A security researcher has published today demo exploit code on GitHub for a Windows 10 zero-day vulnerability. The zero-day is what security researchers call a local privilege escalation (LPE). LPE vulnerabilities can't be used to break into systems, but hackers can use...
  3. Microsoft Exchange vulnerable to PrivExchange zero-day

    in Windows 10 News
    Microsoft Exchange vulnerable to PrivExchange zero-day: Microsoft Exchange 2013 and newer are vulnerable to a zero-day named "PrivExchange" that allows a remote attacker with just the credentials of a single lowly Exchange mailbox user to gain Domain Controller admin privileges with the help of a simple Python tool. Details about...
  4. Cisco zero-day exploited in the wild to crash and reload devices

    in Windows 10 News
    Cisco zero-day exploited in the wild to crash and reload devices: The Cisco security team has revealed earlier the existence of a zero-day vulnerability affecting products that run Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) software. The vulnerability has been exploited in the wild, according to a security...
  5. Adobe readies emergency patch for Flash zero-day bug exploited in the

    in AntiVirus, Firewalls and System Security
    Adobe readies emergency patch for Flash zero-day bug exploited in the: Adobe readies emergency patch for Flash zero-day bug exploited in the wild Adobe has told users that an emergency patch is being prepared for a Flash zero-day vulnerability being exploited in the wild which can give attackers complete control. On Tuesday, the tech...
  6. Second Flash Player zero-day exploit found in Hacking Team's data

    in AntiVirus, Firewalls and System Security
    Second Flash Player zero-day exploit found in Hacking Team's data: Even though they fixed an exploit last week, guess what we'll be patching, once again, this week? *Rolleyes Second Flash Player zero-day exploit found in Hacking Team's data | PCWorld
  7. Java zero-day security flaw exploited in the wild

    in AntiVirus, Firewalls and System Security
    Java zero-day security flaw exploited in the wild: Oracle is working with Trend Micro to patch the problem. Until a fix is issued, users concerned about falling victim to the exploit should temporarily disable Java in their browser. The Java zero-day is reportedly being exploited through drive-by downloads on the latest...
  8. Shadow Brokers Release Zero Day Exploit Tools

    in Windows 10 Support
    Shadow Brokers Release Zero Day Exploit Tools: For what it's worth, is the following of any interest? "On Friday, a hacker group known as The Shadow Brokers publicly released a large number of functional exploit tools. Several of these tools make use of zero-day vulnerabilities, most of which are in Microsoft Windows....
  9. Use Anti-Exploit Program to Help Protect Your PC From Zero-Day Attack

    in Windows 10 News
    Use Anti-Exploit Program to Help Protect Your PC From Zero-Day Attack: Anti-exploit programs provide an additional layer of security by blocking the techniques attackers use. These solutions can protect you against Flash exploits and browser vulnerabilities, even new ones that haven’t been seen before or patched yet. Windows users should...
  10. Internet Explorer zero-day alert

    in Windows 10 News
    Internet Explorer zero-day alert: Scary stuff! Thanks for the tip...