
New IE Vulnerability: XP Users Take Note

bwanshoom
Explorer
Microsoft Warns of Attacks on IE Zero-Day

I know the XP topic has been covered extensively and that most XP users here are wise enough to not be IE users, but just in case anyone is still using IE on XP you really need to switch browsers now.

Please note that anti-malware and anti-virus software is not necessarily going to protect you against this kind of issue.

You simply are not safe using IE on XP.
2010 Cougar 322 QBS
2008 Chevy Silverado 2500HD LMM CC/SB 4x4 LTZ
Pullrite SuperGlide 18K
46 REPLIES

bwanshoom
Explorer
Captain Obvious wrote:
This is not an IE problem. This is another Adobe Flash bug.
Chrome & Firefox on Windows, Mac, & Linux are also affected.

The media seems bent on trashing MS & IE & XP.

That's a different issue. This is indeed an IE problem. Here is Microsoft's write-up of the original issue I posted.

As yet, there is no patch for this issue on any OS. When a patch is released it will not be for XP. That and the fact that the current mitigation options involving EMET 4.1 will not work on XP make this a larger problem for XP users.

Chris_Bryant
Explorer
Captain Obvious wrote:
This is not an IE problem. This is another Adobe Flash bug.
Chrome & Firefox on Windows, Mac, & Linux are also affected.


Not really- from http://www.kb.cert.org/vuls/id/222929
"CERT" wrote:
Note that this vulnerability is being exploited in the wild. Although no Adobe Flash vulnerability appears to be at play here, the Internet Explorer vulnerability is used to corrupt Flash content in a way that allows ASLR to be bypassed via a memory address leak. This is made possible with Internet Explorer because Flash runs within the same process space as the browser. Note that exploitation without the use of Flash may be possible.
-- Chris Bryant

Captain_Obvious
Explorer
This is not an IE problem. This is another Adobe Flash bug.
Chrome & Firefox on Windows, Mac, & Linux are also affected.

The media seems bent on trashing MS & IE & XP.

There is a patch for IE versions 10 & 11 for systems running Windows 8 & 8.1 because it contains a built-in version of Flash that needs updating. If you use Firefox, you must also install the update from Adobe. If you use Chrome, your browser should update automatically.

http://helpx.adobe.com/security/products/flash-player/apsb14-13.html

If you are still using XP, all you need to do is update Flash.

Chris_Bryant
Explorer
Another tip- never ever, ever use a computer as an administrator unless you are installing or removing software. You should have a user account with no privileges to make changes to the system, and use that for everyday tasks.
-- Chris Bryant

burlmart
Explorer
1775 wrote:

This was all over national news this afternoon. The problem with XP IE is that MS is saying too bad, too late!

Just don't use IE no matter what Win OS. There are plenty of better browsers out there.


Actually, it is a bit more delicious than this for those of us that are all of a sudden the most irresponsible slobs on the internet for using XP...the exploits of IE to date have all been on IE 9, 10, and 11, making W7 and W8 the most insecure systems.
2005 Trail Lite 213 B-Plus w/ 6.0 Chevy

1775
Explorer
This goes way beyond XP and involves IE on all Windows OS -

http://www.usatoday.com/story/news/usanow/2014/04/28/internet-explorer-bug-homeland-security-clandes...

This was all over national news this afternoon. The problem with XP IE is that MS is saying too bad, too late!

Just don't use IE no matter what Win OS. There are plenty of better browsers out there.
Roadtrek 190 Popular 2011

Meryl and Me Hit the Road

mlts22
Explorer
1492 wrote:
The issue is that the version of IE that is compatible with WIN XP is no longer supported with security patches/updates. And, considering, that browsers have become among the number one app used to exploit users' systems in all OS platforms, behooves the point to use an updated and more secure browser such as Firefox or Chrome. Browsers are among the first layer of security.


+1. Firewalls like Cisco's PIX (now ASA) have made direct external attacks pretty much a thing of the past. Replacing that are exploits in browsers and browser add-ons. This is why I recommend to people to use software that blocks by IP (ad-blocking software for example), as well as running the browser in a sandbox or VM, or both. This way, if the browser gets compromised, it will not affect anything out of that.

It also helps to keep one browser/sandbox for your general browsing, and use another browser for your sensitive stuff (banking.)

I personally switch between both Chrome and Firefox. Chrome has its own sandboxing, so I use that for most things.

As for IE... it isn't that bad, but because all the bad guys are going after that, using another Web browser is a very good security precaution.

camperpaul
Explorer
From:


US-CERT is aware of active exploitation of a use-after-free vulnerability in Microsoft Internet Explorer. This vulnerability affects IE versions 6 through 11 and could lead to the complete compromise of an affected system.

US-CERT recommends that users and administrators enable Microsoft EMET where possible and consider employing an alternative web browser until an official update is available.

Link to US-CERT article.

See also: Vulnerability Note VU#222929
Paul
Extra Class Ham Radio operator - K9ERG (since 1956)
Retired Electronics Engineer and Antenna Designer
Was a campground host at IBSP (2006-2010) - now retired.
Single - Full-timer
2005 Four Winds 29Q
2011 2500HD 6.0L GMC Denali (Gasser)

burlmart
Explorer
Dog Folks wrote:


... now after all these years XP is not good for this...not good for that... IE is no good...

All these things cannot be directly attributed to the end of support.

Has XP been that bad all these years? I don't think so. I can't help to think that there is "marketing" going on by Microsoft to encourage users to switch to Windows 8.



Anyone who is paying any attention to how MS is handling the end-of-service for its most successful OS, XP, and who will still defend MS tactics and doubletalk...well, something should be said about trustworthiness.

1492
Moderator
The issue is that the version of IE that is compatible with WIN XP is no longer supported with security patches/updates. And, considering, that browsers have become among the number one app used to exploit users' systems in all OS platforms, behooves the point to use an updated and more secure browser such as Firefox or Chrome. Browsers are among the first layer of security.

Dog_Folks
Explorer
bwanshoom wrote:
Dog Folks wrote:
I am not a big fan of conspiracy theories, but I wonder why all of a sudden, Microsoft says XP is no good now, that they have Windows 8 to sell?

XP is old. There have been 3 major versions of operating systems from Microsoft after XP. Software like any technology evolves over time.

The support life of XP has been published since day 1 so there is no conspiracy here at all - its end of support life was not a secret. It might be "all of a sudden" to the general public, but to IT support folks they've known for well over a decade when XP was going to be retired.


I agree and understand with what you say, but, now after all these years XP is not good for this...not good for that... IE is no good...

All these things cannot be directly attributed to the end of support.

Has XP been that bad all these years? I don't think so. I can't help to think that there is "marketing" going on by Microsoft to encourage users to switch to Windows 8.
Our Rig:
2005 Dodge 3500 - Dually- Cummins
2006 Outback 27 RSDS

We also have with us two rescue dogs. A Chihuahua mix & a Catahoula mix.

"I did not get to this advanced age because I am stupid."

Full time since June 2006

1492
Moderator
burlmart wrote:
Not sure if MS owns Forbes media or vice versa, but they have a ridiculous article on this IE subject. It is squarely focused on XP. It repeats that MS advises XP users to upgrade to a more secure version of Windows ASAP.

So, if you are so gullible as to fall for their BS, get off XP right now and upgrade to a secure W7 or W8.1. Oh, but use some other browser, because your super secure OS 'upgrade' has an un-fixed zero-day virus. (Don't worry, this will be fixed and there will never ever be another security threat using your new MS stuff.)

No current OS, regardless of marketing hype, has not been exploited by vulnerabilities. It's a fact of life, and all will require patching.

Microsoft has supported WIN XP with program/security updates longer than other OS. Just how long should a company support an outdated and less secure OS?

True, WIN XP will continue to function for years if not a decade or more, so long as users' programs and hardware are still supported. And may be relatively secured if one incorporates a multi-layered security plan.

However, those working in IT know the risk a now unsupported WIN XP entails. In fact, one popular museum(s) I work with in DC will begin blocking WIN XP systems access to its Intranet after June 1.

One can be in denial, which may be due more to not understanding the technical concerns, but doesn't change the fundamental security issues involved.

bwanshoom
Explorer
Dog Folks wrote:
I am not a big fan of conspiracy theories, but I wonder why all of a sudden, Microsoft says XP is no good now, that they have Windows 8 to sell?

XP is old. There have been 3 major versions of operating systems from Microsoft after XP. Software like any technology evolves over time.

The support life of XP has been published since day 1 so there is no conspiracy here at all - its end of support life was not a secret. It might be "all of a sudden" to the general public, but to IT support folks they've known for well over a decade when XP was going to be retired.

Dog_Folks
Explorer
I am not a big fan of conspiracy theories, but I wonder why all of a sudden, Microsoft says XP is no good now, that they have Windows 8 to sell?

Thunder_Mountai
Explorer II
Saw that this morning. Story said that 15-25% of computers worldwide are still running XP.
2016 Winnebago Journey 40R
2018 Rubicon
1982 FJ40 Toyota Land Cruiser
2020 Keystone Outback 327CG
2020 Dodge Ram 2500
Polaris RZR XP 1000
4 Cats
3 Dogs
1 Bottle of Jack Daniels
Two old hippies still trying to find ourselves!