OT: Heads up--IE vulnerability and trivial fix

riredale wrote on 4/30/2014, 9:23 AM

Apparently there is a way that a person with malicious intent can get into a user's PC via Internet Explorer. Not only that, but most versions of IE.

Though MS will probably issue a patch at some point, there is apparently a trivial way to stop this potential infection, and it applies to XP users, too. This website recommends simply disconnecting the old VML subsystem within IE with a one-line command. They claim that the user experience will not be affected, since very few web pages use VML any more.

Or use a different browser than Internet Explorer.

Comments

Steve Mann wrote on 4/30/2014, 9:43 PM

Or just use Chrome.

JohnnyRoy wrote on 4/30/2014, 10:35 PM

> "Or just use Chrome."

+1

Why anyone would want to use a virus magnet like IE is beyond me, I haven't used it in years. I would avoid the other virus magnet called Adobe Flash player too. Use Chrome!

~jr

Rob Franks wrote on 5/1/2014, 5:58 AM

"and it applies to XP users, too."

That's not what I heard.
CBC news said XP was out in the dark with no solutions for a patch and Microsoft has stopped updating XP.

It was suggested that XP users stop using IE all together.

farss wrote on 5/1/2014, 7:06 AM

You're worried about this about 1 week after a major flaw was discovered in SSL?

The Heartbleed Bug

[I]The Heartbleed bug allows anyone on the Internet to read the memory of the systems protected by the vulnerable versions of the OpenSSL software. This compromises the secret keys used to identify the service providers and to encrypt the traffic, the names and passwords of the users and the actual content. This allows attackers to eavesdrop on communications, steal data directly from the services and users and to impersonate services and users.[/I]

The only way to protect yourself from this is to hope every website that you're using for secure transactions has patched the bug and then change your password(s)

Bob..

JJKizak wrote on 5/1/2014, 7:45 AM

Why is Chrome less vulnerable?
JJK

craftech wrote on 5/1/2014, 7:54 AM

Thanks Riredale. I just executed the command line "regsvr32 -u "%CommonProgramFiles%\Microsoft Shared\VGX\vgx.dll."

With respect to some of the comments here regarding other browsers, the article Riredale linked said the following:

"People say one browser is more secure than another, but this can happen in any browser or application," Aviv Raff, chief technology officer with Seculert, told the E-Commerce Times.

"The reason this browser was targeted was because they knew their targeted entity was using the browser," he added. "If someone is using Chrome or Firefox, and they want to target them, they'll find a vulnerability."

John

Former user wrote on 5/1/2014, 7:57 AM

I have used IE almost exclusively for years. I have not had a virus in years. It works with all sites, unlike some of the other browsers.

Dexcon wrote on 5/1/2014, 8:08 AM

Same here - no problems with IE.

I have more problems with my landline phone with scammers ringing saying that they're from XXXX computer company (originally from Microsoft tech support) and they've identified a problem with my computer - including at a time when I'd just moved into a new house with a temporary phone number and with no internet connection or computer at the house. I am so sarcastic with those scammers now that they hang up fairly quickly.