IE Exploit in version 6, 7, and 8.
You most likely know about this exploit and I know you have updated and patched IE since the patch was released the other day.
I am posting this as a small reminder that it is time to start looking at upgrading a few things.
Google is dropping support for IE 8 relating to online apps.
That means, 9 or 10 if you are going to run only IE.
But as many of us do we run IE, Chrome, Firefox and other flavors because they all have issues. (More about that with my reviews coming soon regarding what works with IE 8 but not 9 and with Firefox but not Chrome)
NOTE: I have read on other sites that IE 9 is included in this exploit. According to the security bulletin IE 9 and IE 10 do not apply. If you know otherwise please send me the link to the microsoft.com or sans site.
Microsoft Security Bulletin MS13-008 - Critical
Security Update for Internet Explorer (2799329)
Published:Monday, January 14, 2013
This security update resolves one publicly disclosed vulnerability in Internet Explorer. The vulnerability could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited this vulnerability could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Here's the download link for IE 8 in Windows 7: http://www.microsoft.com/en-us/download/details.aspx?id=36413
If you are still running Windows XP with IE 8 here's your download link: http://www.microsoft.com/en-us/download/details.aspx?id=36418
You are really advised to start looking into a new OS if you are not currently running Windows 7.
Now, I have been working with Ubuntu for about a year now and find for the most part less custom software you can do just about anything you do now with a stock computer OS.
Ok, key, do not surf or use your computer as an administrator when you don't have to.
You can create a standard user to do everything you need. You can link or short cut to common files and folders so you can share data between users.
It's important to not be on your computer as an admin all the time.
The exploit takes your permissions and if you offer full permissions you will never know if you have been attacked.. Well, that's until you discover things missing or messed up. Unless it's protected software and data the hacker is looking for, then you will never know.
I've noticed that many internal corporate websites and online training sites are not working with new versions of IE and Chrome and not with older version of Firefox but with newer versions.
Basically I have had to use 3 browsers to do simple tasks for work.
IE 8 works on most of the older training modules many companies use but Google Apps doesn't support IE 8 and Microsoft will be dropping it sooner than you think.
What works with IE 8 and doesn't work with IE 9 or IE 10 seems not to work with Google Chrome 23 or 24 but does work with Firefox 17 and 18.
I know, to work in today's corporate and keep some security it appears that you have to run Firefox and IE.
My advice is this, download the update for IE and select a second and third web browser. I seem to be bouncing between IE, Firefox and Chrome sharing bookmarks and settings more this year than any year in the past.
I can't wait until it's all HTML 5 and we have some items set in stone for standards.
At this time I have IE 9 patched, Firefox 18 and Chrome 24.0.1312 installed.