Friday, September 21, 2012

No Safe Surfing With IE For Now

A critical vulnerability with IE has occurred, and at this time we do not recommend using IE, versions 6 thru 9, for browsing, and there is no current patch. Read about the advisory here: http://technet.microsoft.com/en-us/security/advisory/2757760

The following article, from Windows Secrets discusses the details:

If you use IE, don’t — at least not for now

Susan Bradley
By Susan Bradley on September 19, 2012 in Patch Watch
A serious vulnerability in Internet Explorer 6 through 9 has come to light, and there’s no patch at this time.
If you must use Internet Explorer for specific applications, use another browser as much as possible and remove or disable Java.

Yet another zero-day exploit targets IE

Microsoft Security Advisory 2757760, dated Sept. 17, warns of a newly disclosed IE vulnerability that could allow remote-code execution — which means an attacker could take over a targeted PC with the same rights as the current user. (This type of threat is why we recommend setting up a non-admin account on the PC you use most of the time.)
According to the advisory, Internet Explorer 10 (included with Windows 8) is not threatened. But that caveat is irrelevant because few Windows users are running Win8 for any purpose other than testing the new OS.
- What to do: Here, in a nutshell, are your options:
1) Use another browser. Until Microsoft releases a patch for this new threat, simply do all your Web browsing with Firefox or Chrome — and make sure they’re fully updated.
2) Remove Java. If you must use IE, ensure that Java is fully disabled or not installed. I discussed this in my Sept. 6 Patch Watch column.
3) Use the Enhanced Mitigation Experience Toolkit. If you can’t operate without IE and Java, Microsoft’s EMET software can help. A RationallyPARANOID blog has a helpful how-to guide for installing EMET. Brian Krebs also has an excellent post on using the toolkit to protect IE.
Look for more on EMET — what it is and how it protects you — in next week’s regularly scheduled Patch Watch. And if Microsoft releases an out-of-cycle IE update before then, I’ll let you know. In the meantime, keep an eye out for a soon-to-be-released Microsoft fixit for Internet Explorer; it should provide protection until a patch is ready. I’ll post an update in the Lounge when it’s released.

Posted by at No comments:

Friday, September 14, 2012

Update Friday

Friday is the day when I usually do website updates for my customers. I do have a fair amount of them to do today, as usual.

But, I set aside some time this morning when I first opened my laptop for some delayed, and much needed, updates for my own PC. There have been some nasty PC bugs flying around lately. Seems they come as fast and as often, and are as annoying, as the flies we have in the garage around the pears we picked the other day.

However, housekeeping is something we all must do if we want to keep our data safe and private. So, this morning I updated all sorts of things: my mal-ware software, an update that AVG has been griping about, a new update for Thunderbird, along with a Java update, Framemaker update, Flash update, and Adobe Reader update.

Pretty much all of that is security updates, and it is a necessary side note to being safe on the Internet these days. For many of you just having a browser installed (Firefox, Explorer, Chrome, etc.) is enough to spark an update of add on applications like Java and Flash. And, if you have not updated these items and have been holding out, like I have for a week or so, you really need to take the time and update these applications.

Not sure what to do? Well, if that's the case, then use your browser as a guide and a tool for add-on applications. In your browser, check for add-on updates through the menu in your browser. In Firefox, go to Tools, then Add-ons. Explorer: Tools, then Manage Add-ons. This way you can safely check to see if helper applications like Java or Flash needs to be updated. And, of course, as always, keep your virus protection software up to date!

So (yawn!) three "restart now to install your changes" and one good hot cup of coffee down the hatch, and I was good to go this morning!
Posted by at No comments:
Subscribe to: Posts (Atom)