|
Thanks to our reader Juha-Matti for pointing out that a Metasploit module was released to exploit the recent Internet Explorer 8 vulnerability. The vulnerability has also been assigned CVE-2013-1347. Please let us know if you are running into exploits for this vulnerability.
------ |
Johannes 4351 Posts ISC Handler May 6th 2013 |
| Thread locked Subscribe |
May 6th 2013 8 years ago |
|
5 days now since release of the advisory; no "FixIt", no date for a fix, no nothing from M$, XP users (over 1/3 of all users on the Web) hung out to dry. USE ANOTHER BROWSER all the time...
. |
Jack 160 Posts |
| Quote |
May 8th 2013 8 years ago |
|
So this is still a targeted exploit as far as I can see, there are at least 3 other versions of IE available to users that aren't vulnerable, lowering user privileges reduce risk, A/V vendors are detecting (probably web filters too). I think there's enough risk mitigation options on this one...
|
IMFerret 10 Posts |
| Quote |
May 8th 2013 8 years ago |
|
Fixit now available: http://support.microsoft.com/kb/2847140
Updated with link to fixit page: http://technet.microsoft.com/en-us/security/advisory/2847140 Blog on Technet announcing fixit: http://blogs.technet.com/b/msrc/archive/2013/05/08/fix-it-for-security-advisory-2847140-is-available.aspx |
FTWMike 24 Posts |
| Quote |
May 8th 2013 8 years ago |
|
Another reason to deploy EMET.
|
mbrownnyc 19 Posts |
| Quote |
May 9th 2013 8 years ago |
|
@mbrownnyc but the latest EMET requires the added risk (security & bad patches) of .NET 4.
|
FTWMike 24 Posts |
| Quote |
May 10th 2013 8 years ago |
|
Link to fix (KB2847204): http://www.microsoft.com/en-us/download/details.aspx?id=39031
|
FTWMike 24 Posts |
| Quote |
May 15th 2013 8 years ago |
Sign Up for Free or Log In to start participating in the conversation!
https://www.sans.edu
