From: Securosis Highlights – Internet Explorer 8 0-Day Bypasses Patch

Posted on 2013/01/04


a quick re-post from Securosis Highlights https://securosis.com/blog/internet-explorer-8-0-day-bypasses-patch

Internet Explorer 8 0-Day Bypasses Patch by (author unknown)

A good update at Threatpost:

Their new exploit beat a fully patched Windows system running IE 8, the same version of the browser exploited by malware used in watering hole attacks against a number of political and manufacturing websites, including the Council on Foreign Relations in the U.S., and Chinese human rights site Uygur Haber Ajanski.

More motivation to move to updated browsers, as difficult as that often is. I’m really hoping IE 10 can break this cycle a bit (and I bet Microsoft is as well). Still, IE 8 is only a bit over 3 years old, which isn’t all that ancient compared to XP.

If you are stuck on old browsers, and have the capability, take a strong look at EMET. Kills most of these attacks cold.

– Rich
(0) Comments

Posted in: reading