cageymaru

Fully [H]
Joined
Apr 10, 2003
Messages
21,359
Microsoft has released an emergency security update to patch an actively exploited vulnerability in Internet Explorer. CVE-2018-8653 addresses a remote code execution vulnerability caused by the way the scripting engine handles objects in Internet Explorer. The exploit corrupts memory in such as way that an attacker can execute arbitrary code in the context of the current user. The attacker will have the same rights as the current user. If the user is logged in as an administrative rights user then the attacker can change, delete, install, create new accounts or view any data that they wish. Web-based attackers can create a website designed to trigger the exploit. I ran Windows Update and it installed the update in a few seconds.

The security update addresses the vulnerability by modifying how the scripting engine handles objects in memory.
 

brogers

Weaksauce
Joined
Sep 8, 2004
Messages
66
That's no good, my company is still heavily reliant on IE11 because we use Oracle EBS r12.
 

EchtoGammut

2[H]4U
Joined
May 7, 2007
Messages
3,758
I read this post while in the office, I was thinking I should probably log into Intune and push out the update and right at that moment I saw one my employees' computers rebooting and applying an update out of the corner of my eye. So much for having to approve updates.
 
Joined
Nov 1, 2006
Messages
562
1.4 GB Cumulative Update for Windows 10 LTSC 1607 x64 just to patch IE11?

oO

Okkayy... here it goes - downloading it now.
 

clockdogg

[H]ard|Gawd
Joined
Dec 12, 2007
Messages
1,175
52 Megs just to patch IE11 on Win7x64?! :D

Does this exploit work if one never uses IE11 for anything on the web or is it self-contaminating just sitting on the disk?
 

risc

Handle with Kid Gloves
Joined
May 18, 2017
Messages
188
52 Megs just to patch IE11 on Win7x64?! :D

Does this exploit work if one never uses IE11 for anything on the web or is it self-contaminating just sitting on the disk?

Many Windows programs use IE to display http content, e.g. Steam.

Without running IE directly you could inadvertently run malicious code which uses this exploit.
 

B00nie

[H]F Junkie
Joined
Nov 1, 2012
Messages
9,327
IE has damaged windows users more than any other program most likely.
 

Spidey329

[H]F Junkie
Joined
Dec 15, 2003
Messages
8,683
That's no good, my company is still heavily reliant on IE11 because we use Oracle EBS r12.

Oracle and their outdated systems. I remember when my University switched their student system to them, took years for them to get things working correctly in non IE browsers (which at the time, was just about every student). So ridiculous.
 

katanaD

[H]ard|Gawd
Joined
Nov 15, 2016
Messages
1,987
I read this post while in the office, I was thinking I should probably log into Intune and push out the update and right at that moment I saw one my employees' computers rebooting and applying an update out of the corner of my eye. So much for having to approve updates.


and that right there is one of the issues i have with win10 updates. That, and you cannot reboot a computer without installing updates
 

Jim Kim

2[H]4U
Joined
May 24, 2012
Messages
3,913
I read this post while in the office, I was thinking I should probably log into Intune and push out the update and right at that moment I saw one my employees' computers rebooting and applying an update out of the corner of my eye. So much for having to approve updates.
un fucking believable
 

naib

[H]ard|Gawd
Joined
Jul 26, 2013
Messages
1,289
https://mspoweruser.com/surprise-emergency-ie-patch-preventing-some-pcs-from-booting/

Surprise! Emergency IE patch preventing some PCs from booting


lul-lol.jpg
 

HAL_404

[H]ard|Gawd
Joined
Dec 16, 2018
Messages
1,240
yuppers, was wondering what the update an evening to two ago was about
 

ManofGod

[H]F Junkie
Joined
Oct 4, 2007
Messages
12,667

I actually took the time to read the article and not the usual MSPOWERUSER click bait title. "Some PCs"? You mean some specific Lenovo laptops with less than 8GB of ram, Secure boot enabled and possibly using Bootlocker. In other words, someone neglected to make their machines properly secure and now it is coming back to bite them in the butt, IE: Lenovo themselves.

Edit: There is an actual fix and it effects very few and yet, they are doing something about it anyways. No, I think FaaS would be a not good idea but this is probably a reason why they want it.
 

naib

[H]ard|Gawd
Joined
Jul 26, 2013
Messages
1,289
I actually took the time to read the article and not the usual MSPOWERUSER click bait title. "Some PCs"? You mean some specific Lenovo laptops with less than 8GB of ram, Secure boot enabled and possibly using Bootlocker. In other words, someone neglected to make their machines properly secure and now it is coming back to bite them in the butt, IE: Lenovo themselves.

Edit: There is an actual fix and it effects very few and yet, they are doing something about it anyways. No, I think FaaS would be a not good idea but this is probably a reason why they want it.
lul-lol.jpg
 
Top