Monday, April 28, 2014

Internet Explorer finds a new vulnerability to honeypots


Technology media sources are reporting a vulnerability in Microsoft Internet Explorer, versions 6 to 11,  The problem lies in the way IE handles objects that have been deleted but are still in memory. Reports indicate than an attacker could get control of the victim’s Windows-based PC by visiting a “honeypot” website with a certain payload. 
   
Microsoft has not as, of this writing, yet released a fix.  Most likely, a new IE module (about a 40 meg download) will be released soon by itself as an automatic update, and it should be done immediately. The fix would not be released to users of Windows XP, however, since their support is discontinued. 

WONTFix has a detailed story here. about vulnerability CVE-2014-1776, National Vulnerability Database link

It seems that it’s safer right now for users to stay with Chrome or Firefox.  I have found, however, than on smaller notebooks, Wordpress and Shockwave do not work properly in combination in these two but do in Internet Explorer!  

No comments: