[Important] Emergency security patch issued by Microsoft to squash Internet Explorer zero day exploit

[Howlin0001]

For those of you who use IE (or know people who do):

Microsoft has released an out-of-cycle security update to protect Internet Explorer users against a vulnerability that was being exploited by malicious hackers.

Earlier this week Microsoft announced it would be issuing Security Update MS12-063, following the discovery last weekend by researcher Eric Romang that the previously unknown vulnerability was being used by a hacking gang to infect computers with the Poison Ivy Trojan.

Normally Microsoft releases security updates on a monthly schedule (known as "Patch Tuesday"), but as the heat rose with exploits using the attack and the likes of the German government urging users to stop using Internet Explorer, the software giant rightly moved to release an out-of-band emergency patch.

As well as defending against the zero-day vulnerability in versions of Internet Explorer, Microsoft's security patch reportedly resolves four other remote code execution vulnerabilities that Microsoft says are not currently being exploited.

http://sophosnews.files.wordpress.com/2012/09/sep-12-vulns.jpg

In my opinion, computer users should be grateful for Microsoft's response. They managed to create, test and roll out a patch for the Internet Explorer security vulnerabilty Romang discovered being exploited by malicious hackers within a week.

That's not just good news for those who love Internet Explorer. All of us on the net reap the benefits when vulnerabilities are patched, as it gives malicious attacks less opportunities to spread.

Now it's the turn of businesses to roll out the patch across their computers, and for home users to install the security update (hopefully most of them have automatic updates enabled).

 

 

http://nakedsecurity...ro-day-exploit/

[JeRambo]

Thanks for the heads up. =P.

 

Glad I don't use IE. Chrome FTW!

[Kaida23]

I'm actually installing this update right now. :)

 

I don't usually use IE, but the manufacturers of several pieces of equipment I service offer online training that will only run in IE.

[D. V. Devnull]

[bLEEP] Internut Exploder! FireFox FTW!!! \:D/

 

Thanks for telling us, though. :D

 

~D. V. "I.E. -- IMHO, why we can't have nice things..." Devnull

[Sbrideau]

[bLEEP] Internut Exploder! FireFox FTW!!! \:D/

 

Thanks for telling us, though. :D

 

~D. V. "I.E. -- IMHO, why we can't have nice things..." Devnull

 

Not to burst your bubble, but Firefox is as bad as IE now. And I post that even if I have trouble getting off of Firefox myself, not wanting to lose all my customization.

[D. V. Devnull]

<<<snip>>>

 

Not to burst your bubble, but Firefox is as bad as IE now. And I post that even if I have trouble getting off of Firefox myself, not wanting to lose all my customization.

Sadly, I know this feeling. I've been in the middle of both RuneScape and other java-based games (e.g.: Steel Sentinels) and FireFox seems to love to let its' JavaScript Garbage Collector lock up this poor little single-core system that I'm typing this post from. It basically makes the Java Applet unusable while FireFox's JSGC is doing its' thing. (Result: I've actually lost rating on Steel Sentinels, and almost gotten killed a few times on RuneScape.) Strangely, by running Flash Applets in the in-process mode instead of over in the plugin container, those seem to be far less affected when JSGC decides to suddenly trigger. Unfortunately, there really isn't a good browser to move over to, just because of the overall mentality of all the browser makers and Java's developers. Worse now, there isn't a way to run Java how I need it, as an in-process item. :(

 

And before you ask, I've already tried tons of tweaking to back off the JSGC on FireFox... Nothing works, and with my current settings, it shouldn't be doing it more often than 10 hours apart for a full sweep. Especially since I've told it not to auto-trigger at closer than 448 MB allocations since the last sweep, which I very much know isn't being reached. Neither is the 512 MB JavaScript Heap limit that I've set. :wall:

 

~D. V. "Knowing this headache all too well..." Devnull

[Sbrideau]

I have no trouble with Java and Firefox, it's for other reasons that I posted that, and they are not related to Java at all. Could have to do with the fact that I have given a 2GB limit to heap and such with Java, which gives it enough RAM when it needs it. I do have a crashing problem though, which is why I'm still running version 11 when Version 15 is out cause 11 is the only one not crashing. I was posting more on the security side of things. Firefox isn't as good as it used to be and I don't think it should be used anymore.

[Karvinen]

Could have to do with the fact that I have given a 2GB limit to heap and such with Java, which gives it enough RAM when it needs it.

Are you using 32 bit or 64 bit Java?

 

For 32 bit, reserving 2GB of the process virtual address space is invalid, since 2GB is the whole user mode address space. Java should not even start with that setting. If you run RS in a browser, it will work simply because the parameters specified in the HTML page (which includes -Xmx256m) will be honoured over the user set parameters.

[Sbrideau]

Could have to do with the fact that I have given a 2GB limit to heap and such with Java, which gives it enough RAM when it needs it.

Are you using 32 bit or 64 bit Java?

 

For 32 bit, reserving 2GB of the process virtual address space is invalid, since 2GB is the whole user mode address space. Java should not even start with that setting. If you run RS in a browser, it will work simply because the parameters specified in the HTML page (which includes -Xmx256m) will be honoured over the user set parameters.

 

I'm using 64bit Java. Anyway I prefer giving it too much so it can use what it needs than not giving it enough.