Microsoft Releases Emergency Security Update for Actively Exploited Vulnerability

cageymaru

cageymaru

Fully [H]
Joined
Apr 10, 2003
Messages
22,092
Microsoft has released an emergency security update to patch an actively exploited vulnerability in Internet Explorer. CVE-2018-8653 addresses a remote code execution vulnerability caused by the way the scripting engine handles objects in Internet Explorer. The exploit corrupts memory in such as way that an attacker can execute arbitrary code in the context of the current user. The attacker will have the same rights as the current user. If the user is logged in as an administrative rights user then the attacker can change, delete, install, create new accounts or view any data that they wish. Web-based attackers can create a website designed to trigger the exploit. I ran Windows Update and it installed the update in a few seconds.

The security update addresses the vulnerability by modifying how the scripting engine handles objects in memory.
 
That's no good, my company is still heavily reliant on IE11 because we use Oracle EBS r12.
 
I read this post while in the office, I was thinking I should probably log into Intune and push out the update and right at that moment I saw one my employees' computers rebooting and applying an update out of the corner of my eye. So much for having to approve updates.
 
1.4 GB Cumulative Update for Windows 10 LTSC 1607 x64 just to patch IE11?

oO

Okkayy... here it goes - downloading it now.
 
52 Megs just to patch IE11 on Win7x64?! :D

Does this exploit work if one never uses IE11 for anything on the web or is it self-contaminating just sitting on the disk?
 
clockdogg said:
52 Megs just to patch IE11 on Win7x64?! :D

Does this exploit work if one never uses IE11 for anything on the web or is it self-contaminating just sitting on the disk?
Click to expand...

Many Windows programs use IE to display http content, e.g. Steam.

Without running IE directly you could inadvertently run malicious code which uses this exploit.
 
IE has damaged windows users more than any other program most likely.
 
brogers said:
That's no good, my company is still heavily reliant on IE11 because we use Oracle EBS r12.
Click to expand...

Oracle and their outdated systems. I remember when my University switched their student system to them, took years for them to get things working correctly in non IE browsers (which at the time, was just about every student). So ridiculous.
 
EchtoGammut said:
I read this post while in the office, I was thinking I should probably log into Intune and push out the update and right at that moment I saw one my employees' computers rebooting and applying an update out of the corner of my eye. So much for having to approve updates.
Click to expand...


and that right there is one of the issues i have with win10 updates. That, and you cannot reboot a computer without installing updates
 
EchtoGammut said:
I read this post while in the office, I was thinking I should probably log into Intune and push out the update and right at that moment I saw one my employees' computers rebooting and applying an update out of the corner of my eye. So much for having to approve updates.
Click to expand...
un fucking believable
 
https://mspoweruser.com/surprise-emergency-ie-patch-preventing-some-pcs-from-booting/

Surprise! Emergency IE patch preventing some PCs from booting


lul-lol.jpg
 
yuppers, was wondering what the update an evening to two ago was about
 
naib said:
https://mspoweruser.com/surprise-emergency-ie-patch-preventing-some-pcs-from-booting/

Surprise! Emergency IE patch preventing some PCs from booting


View attachment 129696
Click to expand...

I actually took the time to read the article and not the usual MSPOWERUSER click bait title. "Some PCs"? You mean some specific Lenovo laptops with less than 8GB of ram, Secure boot enabled and possibly using Bootlocker. In other words, someone neglected to make their machines properly secure and now it is coming back to bite them in the butt, IE: Lenovo themselves.

Edit: There is an actual fix and it effects very few and yet, they are doing something about it anyways. No, I think FaaS would be a not good idea but this is probably a reason why they want it.
 
ManofGod said:
I actually took the time to read the article and not the usual MSPOWERUSER click bait title. "Some PCs"? You mean some specific Lenovo laptops with less than 8GB of ram, Secure boot enabled and possibly using Bootlocker. In other words, someone neglected to make their machines properly secure and now it is coming back to bite them in the butt, IE: Lenovo themselves.

Edit: There is an actual fix and it effects very few and yet, they are doing something about it anyways. No, I think FaaS would be a not good idea but this is probably a reason why they want it.
Click to expand...
lul-lol.jpg
 
You must log in or register to reply here.
Back
Top