"Attention all Windows users: patch your systems now"

cheesehead · 2012-06-16, 17:41

Yesterday and again a few hours ago, an anti-virus scan of my system found and repaired what might have been the results of an exploit of the bug that is the subject of the following article. AVG Anti-Virus Free Edition found and fixed "corrupted" code in three IE modules (SymantecPlugin[1].dll, UniblueDriverScannerPlugin[1].dll and GooglePlugin[1].dll). This is the first time in several years that any anti-virus software I've used has found an actual problem on my system.

I had not applied the latest Windows patches, which Microsoft posted Tuesday, until last night.

"Attention all Windows users: patch your systems now"

http://arstechnica.com/security/2012...ers-patch-now/

Quote:

Online attackers are actively exploiting a vulnerability in Internet Explorer that allows them to execute malicious code on computers that visit booby-trapped websites, researchers said in an advisory that underscores the importance of installing a Microsoft patch as soon as possible.

The exploit of a critical IE bug, reported by researchers from antivirus provider McAfee, means there are two newly disclosed vulnerabilities in Microsoft products under attack. On Tuesday, Microsoft warned of a separate vulnerability in all supported versions of Windows that was also actively being exploited.

The most immediate significance of the McAfee report is this: If you run Windows and haven't installed Tuesday's batch of security fixes, you should stop whatever else you're doing and run them now.

. . .

firejuggler · 2012-06-16, 17:45

IE? which self-respecting Internet user still use it? (beside corporation?)

science_man_88 · 2012-06-16, 17:47

Quote:

Originally Posted by cheesehead

Yesterday and again a few hours ago, an anti-virus scan of my system found and repaired what might have been the results of an exploit of the bug that is the subject of the following article. AVG Anti-Virus Free Edition found and fixed "corrupted" code in three IE modules (SymantecPlugin[1].dll, UniblueDriverScannerPlugin[1].dll and GooglePlugin[1].dll). This is the first time in several years that any anti-virus software I've used has found an actual problem on my system.

I had not applied the latest Windows patches, which Microsoft posted Tuesday, until last night.

"Attention all Windows users: patch your systems now"

http://arstechnica.com/security/2012...ers-patch-now/

thanks for the heads up I'm still not sure what I can do about it scanning now and don't use IE but I have it so I might want what they have in case.

cheesehead · 2012-06-16, 17:48

Quote:

Originally Posted by firejuggler

IE? which self-respecting Internet user still use it? (beside corporation?)

If I want to download Windows patches, but I don't want to wait for the automatic background download, I have to use IE to go to the Microsoft Update site, which won't accept Firefox.

Added:

Once in a while, after I've downloaded the latest fixes, I stray from my usual discipline of immediately disconnecting (so that I don't use IE for any site other than Microsoft Update) and bring up some other website. This is a bad habit of mine, and may have been what allowed the invasion.

Also, once in a while some software package I'm using insists on invoking IE when I'm checking for updates. My policy is to shut that IE instance down ASAP, but sometimes I stray.

I credit my usual online discipline for not having had infections very often, but I'm not perfect.

ewmayer · 2012-06-16, 17:49

Guess it's a good thing I never touch IE, then.

Of course there are many websites which are IE-only in terms of functionality. My former workplace had many internal pages like this, but if they left themselves open to this kind of stuff, it was their employees' work PCs that were the potential victims, which serves 'em (the company, not the employees) right.

retina · 2012-06-16, 17:59

Quote:

Originally Posted by cheesehead

AVG Anti-Virus Free Edition found and fixed "corrupted" code in three IE modules (SymantecPlugin[1].dll, UniblueDriverScannerPlugin[1].dll and GooglePlugin[1].dll).

Some notes:

How do you know the AV is correct? How would you know if it was a false positive?
All those files are not core IE files, they are plugins that you have installed. Others may not even have such plugins so no reason to panic.
If you did really get infected by surfing then I would expect your surfing habits are quite different from other's habits so many others may have no reason to panic.
I haven't use IE for a very long time now, and I expect many others also never touch IE either, so again no need for them to panic.
These vulnerabilities are almost always related to JS so for those of use that don't run JS there is no reason to panic.

cheesehead · 2012-06-16, 18:15

Quote:

Originally Posted by retina

Some notes:

How do you know the AV is correct? How would you know if it was a false positive?
All those files are not core IE files, they are plugins that you have installed. Others may not even have such plugins so no reason to panic.
If you did really get infected by surfing then I would expect your surfing habits are quite different from other's habits so many others may have no reason to panic.
I haven't use IE for a very long time now, and I expect many others also never touch IE either, so again no need for them to panic.
These vulnerabilities are almost always related to JS so for those of use that don't run JS there is no reason to panic.

1a. The other AV doesn't find a problem in the first AV.

1b. I probably wouldn't unless some particular odd detail caught my eye.

2a. I've never voluntarily installed a plugin to IE by myself. The only things I've deliberately done to IE are to install the Microsoft patches. I don't know whether IE includes some plugins by default, or whether some Microsoft patch added an IE plugin. Also, some other software may, as part of its installation, have installed an IE plugin without asking my explicit permission or notifying me.

2b. (See 3b)

3a. I try, but I'm not perfect in my security habits. OTOH, the last time I found anything like this on my system was ... before 2003 ... so I consider it notable, but make no insistence that anyone else do so.

3b. You're the one mentioning panic, not me.

4. (See 3b)

5. (See 3b)

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
[Patch] "Test/Primenet" prompts improvements on console version	Explorer09	Software	2	2017-03-09 04:14
newPGen "Data Execution Prevention" on Windows Server R2 2012	MisterBitcoin	Software	4	2017-02-21 15:50
"Start at Bootup" option didn't work on Windows XP machine?	ixfd64	Software	1	2014-12-31 17:14
Is it worth the trouble to "upgrade" Windows 8 to Windows 7?	ixfd64	Lounge	23	2013-04-13 11:12
"Trusted" CPU/users	davieddy	PrimeNet	7	2011-11-09 19:49

2012-06-16, 17:45	#2
firejuggler "Vincent" Apr 2010 Over the rainbow 101101101011₂ Posts	IE? which self-respecting Internet user still use it? (beside corporation?)

2012-06-16, 17:49	#5
ewmayer ∂²ω=0 Sep 2002 República de Califo 2²×2,939 Posts	Guess it's a good thing I never touch IE, then. Of course there are many websites which are IE-only in terms of functionality. My former workplace had many internal pages like this, but if they left themselves open to this kind of stuff, it was their employees' work PCs that were the potential victims, which serves 'em (the company, not the employees) right.