NewSaurus

Internet Explorer Logo

Today in a quick response to the matter, Microsoft is rolling out two security updates to resolve the security flaws on Internet Explorer. In this Windows Update the software giant is releasing two patches: The first patch 2744842 (described in Microsoft Security Bulletin MS12-063), permanently fixes the vulnerability on IE7, IE8 and Internet Explorer 9 on Windows XP, Windows 7 and Vista respectively.

The security hole discovered late last weekend, as we mentioned before, could allow malicious users to harm Windows machines by means of spacial design of Flash animation.

The second security update (described in Microsoft Security Advisory 2755801) is to fix the Flash exploit found on Windows 8′s IE10. This was a security issue that could cause Adobe Flash to crash, while allowing unauthorized to the computer. Even though the operating system hasn’t been released, there are already many companies and people developing software with the Release to Manufacture or RTM version — Microsoft plans to make Windows 8 available to the public on October 26th, right after the launch event the day before in New York City.

The patches are now available for Windows 8, Windows 7, Vista and Windows XP via Microsoft’s Windows update service.

Source :- www.pureinfotech.com , Microsoft Security Bulletins

INTERNET EXPLORER LOGO

Days after the newly discovered weakness in Internet Explorer (versions 9, 8, 7 and 6) that could potentially put at risk a massive number of Windows PCs, Microsoft has made available a temporary resolution for the problem in form of a Windows Fix it (kb2757760), also an update scheduled to be released this Friday to permanently path the issue.

The exploit, discovered during the weekend, could allow a malware to bypass security protocols via Flash and affect XP, Vista and Windows 7 machines. In a new article the company stated that there is a fix now for it and it is easy to apply: “This is an easy, one-click solution that will help protect your computer right away. It will not affect your ability to browse the web, and it does not require a reboot of your computer.”

While the fix it (Microsoft Fix it 50939 and 50938) delivers a protection against the security hole, Microsoft recommends to IE users that it is highly important to install the forthcoming security update set for Friday via Windows Update. To get all the steps on how to install Microsoft Fix it for Internet Explorer follow these instructions.

Source :- www.pureinfotech.com

INTERNET EXPLORER LOGO

As you might have heard by now, Internet Explorer 9 down to version 6 are at risk because of a new security flaw – IE10 on Windows 8 has not been affected –. Microsoft has yet to issue a security update, but until then the company is suggesting some options to temporally deal with this bug.
About the new IE bug, well… It is a security hole that was discovered days ago and it could potentially compromise PCs running Windows 7, Vista, XP SP3 and below, if users browse malicious web pages designed to take advantage of this Internet Explorer’s weakness.

In an article from Microsoft Security Advisory the company is offering details about the problem and it is also advising users to protect themselves from this vulnerability until an update for IE is release.

Four different workaround to deal with the bug

What you should always be doing is advice first:

1>> Make sure that you have an antivirus and anti-spyware solution installed and up-to-date, and also make sure that you are using a firewall, either use the one built-in Windows or use a third-party solution.

2>> It is also suggested to install the Enhanced Mitigation Experience Toolkit or EMET from Microsoft. The utility is designed to help protect from weakness in software being easily exploited, by adding an extra layer of security that function as an obstacle that whoever writes the malicious software must bypass first.

3>> Another option is to modify your Internet and Local Intranet security settings to High. If you want to do this. Open Control Panel, in the search box type Internet Options, from the list results open the Internet Properties, navigates to the Security tab and in the “Security level for this zone” position the slider to High for both zones. Click Apply and then OK.

4>> Active Scripting can also be used by setting it to notify in both Local Intranet and Internet. To accomplish this task once again open the Internet Properties and in the Security tab, select the Internet zone, click the Custom Level button. Then scroll down and under the Scripting section, set the Active scripting option to Prompt, and click OK. Remember to do the same for the Local Intranet zone.

According to the company these workarounds could help prevent users from loading websites that can harm their computers with this security hole.

Changing the settings will actively trigger an unpleasant message every time the user stumble upon a web page that make use of the ActiveX control prompting to allow or block the web page. However, you can always opt not to use Internet Explorer, until a fix is release. Options are all around, you can use Google Chrome or Firefox as alternative web browsers among others. This is a pretty easy thing to do if you are a normal user, but the challenge comes when companies depend on IE to access their web applications.

Source :- wwwpureinfotech.com

With no fix available yet, Microsoft has a few words of wisdom for users who don't want to be bit by the newly-discovered bug.

A malware attack exploiting Internet Explorer 9. (Credit: Rapid7)

 Users of Internet Explorer versions 6 through 9 are grappling with another security flaw without a fix, but Microsoft has a few suggestions to help shore up protection.

Uncovered this past weekend, the security hole could compromise the PCs of IE users who surf to a malicious Web site. Microsoft said it's already aware of attacks that have tried to take advantage of this weakness.

Since no fix is yet available, it's up to users of IE to protect themselves. A new Microsoft Security Advisory offers several recommendations.

To start, the usual advice always applies. Make sure you're running updated antivirus and antispyware software and that you're using a firewall, either a third-party utility or the one built into Windows.
You can also install the Enhanced Mitigation Experience Toolkit from Microsoft. EMET tries to ward off attacks on software holes by putting up a wall of security obstacles that the malware writers must circumvent. EMET can be configured specifically for Internet Explorer as well as other applications.
Another option is to push the Internet and local Intranet security settings in IE to "high." To do this, launch Internet Explorer, click the Tools menu, and then select Internet Options. Click the Security tab and then select the Internet zone. Under the Security level for this zone, move the slider to High. Click the Local Intranet zone and again push the Security level to High.

Users can also set Active Scripting to "prompt" in both the Internet and Local Intranet zones. To do this, again select Internet Options from the Tools menu in IE. Click the Security tab. Click the Internet zone and then select Custom Level. Scroll down to the Scripting section and set Active Scripting to Prompt. Repeat the same steps for the Local Intranet zone.

As Microsoft warns, tweaking these settings could prevent access to certain Web sites.
Even changing the setting to "prompt" will trigger an annoying message anytime you hit a Web site that uses ActiveX controls asking if you want to allow or block the site.

Microsoft's own Windows update sites -- *.windowsupdate.microsoft.com and *.update.microsoft.com -- rely on ActiveX control to install available updates.

You can add sites that you trust to the Trusted sites zone through Internet Options. But this can be time-consuming since you have to add them on an individual basis.

As a result, the easiest option is to just not use Internet Explorer, at least not while this exploit remains in the wild. Individual users can switch to Firefox, Chrome, or another browser. Organizations that have standardized on Internet Explorer face a tougher challenge. So the onus now is on Microsoft to fix this hole as quickly as possible.

You can learn more about the security flaw and possible workarounds through Microsoft's Security Advisory.

 Source :- www.cnet.com by Lance Whitney