{"id":494,"date":"2013-01-02T10:01:27","date_gmt":"2013-01-02T15:01:27","guid":{"rendered":"http:\/\/blog.nccomputertech.com\/?p=494"},"modified":"2013-01-02T10:01:27","modified_gmt":"2013-01-02T15:01:27","slug":"microsoft-says-ie-6-7-and-8-vulnerable-to-remote-code-execution","status":"publish","type":"post","link":"https:\/\/nccomputertech.com\/techtalk\/2013\/01\/02\/microsoft-says-ie-6-7-and-8-vulnerable-to-remote-code-execution\/","title":{"rendered":"Microsoft says IE 6, 7, and 8 vulnerable to remote code execution"},"content":{"rendered":"<p>On Saturday, Microsoft published a security advisory warning users of Internet Explorer 6, 7, and 8 that they could be vulnerable to remote code execution hacks. The company said that users of IE 9 and 10 were not susceptible to similar attacks and recommended that anyone using the older browsers upgrade. Still, customers who still run Windows XP can not upgrade to IE 9 and 10 without upgrading their OS.<br \/>\nMicrosoft&#8217;s confirmation comes after reports from several security groups that the attack sprung from the Council of Foreign Relations website, creating a \u201cwatering hole attack\u201d that left people who visited the site through older versions of the browser open to further attack.<br \/>\nThe company has released a workaround for the problem, and said that it is working on a patch for IE 6, 7, and 8, but did not give a time period as to when those patches would be released. The Council of Foreign Relations told The Washington Free Beacon that it was investigating the situation and working to prevent security breaches like this down the line.<br \/>\nAccording to The Next Web, the CFR website was compromised with JavaScript that served malicious code to older IE browsers whose language was set to \u201cEnglish (US), Chinese (China), Chinese (Taiwan), Japanese, Korean, or Russian.\u201d The code then created a heap-spray attack using Adobe Flash Player.<br \/>\nWhile some reports claim that the attack was traced to Chinese hackers, this is unconfirmed. Computerworld describes the hack as highly targeted, however: \u201cIn a watering hole campaign, hackers identify their intended targets, even to the individual level, then scout out which websites they frequently visit. Attackers next compromise one or more of those sites, plant malware on them, and like a lion waits at a watering hole for unwary wildebeests, wait for unsuspecting users to surf there.\u201d<br \/>\nComputerworld also points out that this vulnerability is similar in timing to a vulnerability that occurred December 28 last year, which Ars reported as having compromised a long list of technologies, including Microsoft&#8217;s ASP.NET. Microsoft then published a workaround for ASP.NET website admins in the wake of the discovery of the exploit.<br \/>\nvia <a href=\"http:\/\/arstechnica.com\/security\/2012\/12\/microsoft-says-ie-6-7-and-8-vulnerable-to-remote-code-execution\/\" target=\"_blank\">Microsoft says IE 6, 7, and 8 vulnerable to remote code execution | Ars Technica<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>On Saturday, Microsoft published a security advisory warning users of Internet Explorer 6, 7, and 8 that they could be [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"default","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","ast-disable-related-posts":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_feature_clip_id":0,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":false,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2},"jetpack_post_was_ever_published":false},"categories":[5,7,9,11],"tags":[341,536,680,1178],"class_list":["post-494","post","type-post","status-publish","format-standard","hentry","category-microsoft","category-security","category-software","category-windows","tag-exploit","tag-internet-explorer","tag-microsoft-2","tag-vulnerability"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/papNkV-7Y","jetpack-related-posts":[{"id":5710,"url":"https:\/\/nccomputertech.com\/techtalk\/2014\/06\/10\/microsoft-pushes-out-massive-security-update-for-internet-explorer\/","url_meta":{"origin":494,"position":0},"title":"Microsoft pushes out massive security update for Internet Explorer","author":"NCCT","date":"June 10, 2014","format":false,"excerpt":"Microsoft pushes out massive security update for Internet Explorer Six down, six to go. Today is the Microsoft Patch Tuesday for June, and it comes with seven new security bulletins. The good news is that five of the seven are only rated as Important, but one of the two Critical\u2026","rel":"","context":"In &quot;Microsoft&quot;","block_context":{"text":"Microsoft","link":"https:\/\/nccomputertech.com\/techtalk\/category\/microsoft\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":2941,"url":"https:\/\/nccomputertech.com\/techtalk\/2013\/07\/16\/ie10-captures-second-place-among-microsofts-browsers\/","url_meta":{"origin":494,"position":1},"title":"IE10 captures second place among Microsoft&#039;s browsers","author":"NCCT","date":"July 16, 2013","format":false,"excerpt":"Internet Explorer 10 (IE10) jumped into second place among Microsoft's browsers last month, pushing past IE9 through an enforced upgrade. IE10's user share climbed from 16.5 percent to a record 24 percent of all copies of Internet Explorer in June, according to Web measurement firm Net Applications. Among Microsoft's five\u2026","rel":"","context":"In &quot;Microsoft&quot;","block_context":{"text":"Microsoft","link":"https:\/\/nccomputertech.com\/techtalk\/category\/microsoft\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":5780,"url":"https:\/\/nccomputertech.com\/techtalk\/2014\/06\/17\/preview-cutting-edge-internet-explorer-features-early-with-new-test-build-browser\/","url_meta":{"origin":494,"position":2},"title":"Preview cutting-edge Internet Explorer features early with new test build browser","author":"NCCT","date":"June 17, 2014","format":false,"excerpt":"Developers can try out new features of the next version of Internet Explorer using a test edition Microsoft has released for their use. The Internet Explorer Developer Channel, which can be downloaded for Windows 8.1 and Windows 7 SP1, runs independently of the user\u2019s copy of IE, allowing programmers to\u2026","rel":"","context":"In &quot;Microsoft&quot;","block_context":{"text":"Microsoft","link":"https:\/\/nccomputertech.com\/techtalk\/category\/microsoft\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":6254,"url":"https:\/\/nccomputertech.com\/techtalk\/2014\/08\/20\/internet-explorer-running-slow-dialog-boxes-could-be-at-fault\/","url_meta":{"origin":494,"position":3},"title":"Internet Explorer running slow? Dialog boxes could be at fault","author":"NCCT","date":"August 20, 2014","format":false,"excerpt":"If you\u2019ve noticed Internet Explorer running slowly lately\u2014or just halting altogether\u2014here\u2019s one possible cause: dialog boxes. On Friday, the same day that Microsoft recommended users download the latest updates for Windows 7 and 8, Microsoft issued a hotfix for Internet Explorer. According to a support article issued Friday, \"web applications\u2026","rel":"","context":"In &quot;Microsoft&quot;","block_context":{"text":"Microsoft","link":"https:\/\/nccomputertech.com\/techtalk\/category\/microsoft\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":5958,"url":"https:\/\/nccomputertech.com\/techtalk\/2014\/07\/10\/crypto-certificates-impersonating-google-and-yahoo-pose-threat-to-windows-users\/","url_meta":{"origin":494,"position":4},"title":"Crypto certificates impersonating Google and Yahoo pose threat to Windows users","author":"NCCT","date":"July 10, 2014","format":false,"excerpt":"People using Internet Explorer and possibly other Windows applications could be at risk of attacks that abuse counterfeit encryption certificates recently discovered masquerading as legitimate credentials for Google, Yahoo, and possibly an unlimited number of other Internet properties. A blog post published Tuesday by Google security engineer Adam Langley said\u2026","rel":"","context":"In &quot;Microsoft&quot;","block_context":{"text":"Microsoft","link":"https:\/\/nccomputertech.com\/techtalk\/category\/microsoft\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/nccomputertech.com\/techtalk\/wp-content\/uploads\/2014\/07\/disguise-kit-640x728.jpg?resize=350%2C200","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/nccomputertech.com\/techtalk\/wp-content\/uploads\/2014\/07\/disguise-kit-640x728.jpg?resize=350%2C200 1x, https:\/\/i0.wp.com\/nccomputertech.com\/techtalk\/wp-content\/uploads\/2014\/07\/disguise-kit-640x728.jpg?resize=525%2C300 1.5x"},"classes":[]},{"id":6231,"url":"https:\/\/nccomputertech.com\/techtalk\/2014\/08\/11\/microsoft-to-issue-many-windows-patches\/","url_meta":{"origin":494,"position":5},"title":"Microsoft to issue many Windows patches","author":"NCCT","date":"August 11, 2014","format":false,"excerpt":"Microsoft has released their advance notification for the August 2014 Patch Tuesday updates. There will be a total of nine updates issued next Tuesday, August 12, two of them rated critical. The two critical bugs affect Windows and Internet Explorer. The critical Windows update affects only business and professional editions\u2026","rel":"","context":"In &quot;Microsoft&quot;","block_context":{"text":"Microsoft","link":"https:\/\/nccomputertech.com\/techtalk\/category\/microsoft\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]}],"_links":{"self":[{"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/posts\/494","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/comments?post=494"}],"version-history":[{"count":0,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/posts\/494\/revisions"}],"wp:attachment":[{"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/media?parent=494"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/categories?post=494"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/tags?post=494"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}