[AJ]

Veebruari Win-i uuendus peaks selle vea ära parandama

Microsoft to patch 17-year-old computer bug
http://news.bbc.co.uk/2/hi/technology/8499859.stm

[sant]

[AJ]

sant, ega enne ei liikuta kui mats käes.

[sant]

No täpselt, alates tänasest olen vist viiruse vaba, enam ei leia midagi, ja kolmandik failidele adjöö.
Samas päris loobuda ie-st ei saa, näiteks symanteci online scan ei tööta firefoxi all

[AJ]

Microsoft Warns Windows XP Users To Avoid F1 Key In Internet Explorer
http://hothardware.com/News/Microsoft-Warns-Windows-XP-Users-To-Avoid-F1-Key-In-Internet-Explorer/

Spoiler

tsitaat:

2010 has not been kind to Microsoft's security team. In under a month's time, we've seen Microsoft address a bug that was supposed to fix an ancient exploit but instead caused more headaches, all while having to encourage consumers not to be duped by a fake security site parading around as something useful. As if those software savvy folks up in Washington didn't have enough on their plates, the company has today issued yet another startling advisory, and this is easily one of the more bizarre ones that we've seen. Microsoft has gone public with an investigation into a "a vulnerability in VBScript that is exposed on supported versions of Microsoft Windows 2000, Windows XP, and Windows Server 2003 through the use of Internet Explorer." This is quite significant because a huge majority of PCs in the world still rely on Windows XP, and many corporate environments haven't upgraded or switched away from IE. To date, Microsoft has yet to find evidence that this exploit could harm Windows 7, Vista or Server 2008 users. The primary problem that we're dealing with here is "remote code execution," and while the company admits that they aren't aware of any attacks that take advantage of the vulnerabilities, they're obviously looking to patch things up before it gets bad. Here's Microsoft's exact explanation of the issue: The vulnerability exists in the way that VBScript interacts with Windows Help files when using Internet Explorer. If a malicious Web site displayed a specially crafted dialog box and a user pressed the F1 key, arbitrary code could be executed in the security context of the currently logged-on user. On systems running Windows Server 2003, Internet Explorer Enhanced Security Configuration is enabled by default, which helps to mitigate against this issue. Did you catch that? The part about the "F1" key? In a few words, Microsoft is actually advising Windows XP users who rely on IE to not use their F1 key, which is kind of crazy when you think about it. Thankfully, not many people actually rely on the F1 key in day-to-day use, but just imagine the outrage if "F1" were replaced with "A." The public is being told that the problem is being worked on, though there is no time table given as to when we can expect a fix. Just push those F1 urges aside from awhile, and everything should be just fine.

[Betamax]

See F1 on Windowsi all paras pind tagumendis. Tihti vajutan F2 asemel kogemata F1 ja sõltuvalt sellest, kui suur on arvuti koormus, tuleb seda Help & Support Centeri akent päris kaua oodata. Samal ajal tirib muidugi arvuti kenasti kooma

[xecroy]

[Betamax]

Kasutan igapäevaselt. Seega ei saa

[AJ]

Unpatched Internet Explorer exploit hits the Web
http://www.techspot.com/news/38202-unpatched-internet-explorer-exploit-hits-the-web.html

Spoiler

tsitaat:

Israeli security researcher Moshe Ben Abu has published the exploit code of an unpatched Internet Explorer security hole. With the help of a McAfee blog post, Abu pinpointed the vulnerability in about 10 minutes. Microsoft warned on Tuesday that the bug could allow an attacker to take control of a computer, and advised users of IE 6 and 7 to install version 8 as soon as possible. CNET asked Abu how dangerous the vulnerability is, and his response was in line with Microsoft's recommendation of updating to IE8. Abu also noted that the exploit is quite unstable, with about 60% to 70% success rate, and confirmed that it is critical to older builds of IE. Microsoft provided additional workarounds in its advisory for users who can't upgrade to the latest browser version. Although information in McAfee's sped up the process, Abu said he would have found the vulnerability anyway. McAfee said the post in question did not contain enough information to directly lead anyone to the hole, but the firm's future blog posts will undergo "additional sanitization" to avoid giving exploit writers a starting point when hunting for exploit code.