Isn’t that special… :-P
From: [email protected] [mailto:[email protected]] On Behalf Of Rod Trent Sent: Monday, April 28, 2014 4:01 PM To: [email protected] Subject: RE: [NTSysADM] IE exploit BTW: Microsoft has a patch ready for IE10 and IE11 only – for Windows 8.x and Windows Server 2012… http://windowsitpro.com/msrc/flash-fix-ie-10-and-ie-11-only From: [email protected]<mailto:[email protected]> [mailto:[email protected]] On Behalf Of David Lum Sent: Monday, April 28, 2014 4:56 PM To: [email protected]<mailto:[email protected]> Subject: RE: [NTSysADM] IE exploit Saw this on a forum today: ”We have one agency warning us of an exploit, and the other agency trying to use the exploit :)” FTW! -Dave Lum From: [email protected]<mailto:[email protected]> [mailto:[email protected]] On Behalf Of Rod Trent Sent: Monday, April 28, 2014 12:04 PM To: [email protected]<mailto:[email protected]> Subject: RE: [NTSysADM] IE exploit It’s not. Adobe has been working on today’s patch since early April, working with Kaspersky. The one announced over the weekend as identified by FireEye and Microsoft is working on a patch. From: [email protected]<mailto:[email protected]> [mailto:[email protected]] On Behalf Of David Lum Sent: Monday, April 28, 2014 3:00 PM To: [email protected]<mailto:[email protected]> Subject: RE: [NTSysADM] IE exploit Adobe’s patch addresses CVE-2014-0515 Microsoft’s address CVE-2014-1776 It’s possible they are linked, since this article does make them seem like the same attack vector, but I do not speek enough programmer-speak to know for sure: http://www.securelist.com/en/blog/8212/New_Flash_Player_0_day_CVE_2014_0515_used_in_watering_hole_attacks -Dave Lum From: [email protected]<mailto:[email protected]> [mailto:[email protected]] On Behalf Of David McSpadden Sent: Monday, April 28, 2014 10:37 AM To: '[email protected]' Subject: RE: [NTSysADM] IE exploit I thought that is what I read in the MS articles? VML and Flash were the vector for the exploit? From: [email protected]<mailto:[email protected]> [mailto:[email protected]] On Behalf Of Rod Trent Sent: Monday, April 28, 2014 1:34 PM To: [email protected]<mailto:[email protected]> Subject: RE: [NTSysADM] IE exploit Yes, but that has nothing to do with the exploit reported over the weekend. From: [email protected]<mailto:[email protected]> [mailto:[email protected]] On Behalf Of Kennedy, Jim Sent: Monday, April 28, 2014 1:13 PM To: [email protected]<mailto:[email protected]> Subject: RE: [NTSysADM] IE exploit Flash just released an update. http://helpx.adobe.com/security/products/flash-player/apsb14-13.html From: [email protected]<mailto:[email protected]> [mailto:[email protected]] On Behalf Of Rod Trent Sent: Monday, April 28, 2014 1:11 PM To: [email protected]<mailto:[email protected]> Subject: RE: [NTSysADM] IE exploit It’s all versions of Internet Explorer. However, supported versions will be patched. There are ways to mitigate: http://windowsitpro.com/windows/all-hands-deck-zero-day-reported-wild-affects-ie6-11 From: [email protected]<mailto:[email protected]> [mailto:[email protected]] On Behalf Of David McSpadden Sent: Monday, April 28, 2014 1:05 PM To: [email protected]<mailto:[email protected]> Subject: RE: [NTSysADM] IE exploit Is it just XP or am I wrong that the 7’s, 8’s, and Server OS’s also an issue the way I am reading it. Especially if they have Adobe Flash (Not sure of version) and the website being visited using VML. ?? From: [email protected]<mailto:[email protected]> [mailto:[email protected]] On Behalf Of Rod Trent Sent: Monday, April 28, 2014 12:59 PM To: [email protected]<mailto:[email protected]> Subject: RE: [NTSysADM] IE exploit The is the first in a coming list of exploits that Windows XP will be vulnerable to forever. From: [email protected]<mailto:[email protected]> [mailto:[email protected]] On Behalf Of Jonathan Link Sent: Monday, April 28, 2014 12:51 PM To: [email protected]<mailto:[email protected]> Subject: Re: [NTSysADM] IE exploit It's really bad if you're still running XP in your environment... On Mon, Apr 28, 2014 at 12:38 PM, David McSpadden <[email protected]<mailto:[email protected]>> wrote: Any reason for concern? This e-mail and any files transmitted with it are property of Indiana Members Credit Union, are confidential, and are intended solely for the use of the individual or entity to whom this e-mail is addressed. If you are not one of the named recipient(s) or otherwise have reason to believe that you have received this message in error, please notify the sender and delete this message immediately from your computer. Any other use, retention, dissemination, forwarding, printing, or copying of this email is strictly prohibited. Please consider the environment before printing this email. This e-mail and any files transmitted with it are property of Indiana Members Credit Union, are confidential, and are intended solely for the use of the individual or entity to whom this e-mail is addressed. If you are not one of the named recipient(s) or otherwise have reason to believe that you have received this message in error, please notify the sender and delete this message immediately from your computer. Any other use, retention, dissemination, forwarding, printing, or copying of this email is strictly prohibited. Please consider the environment before printing this email. This e-mail and any files transmitted with it are property of Indiana Members Credit Union, are confidential, and are intended solely for the use of the individual or entity to whom this e-mail is addressed. If you are not one of the named recipient(s) or otherwise have reason to believe that you have received this message in error, please notify the sender and delete this message immediately from your computer. Any other use, retention, dissemination, forwarding, printing, or copying of this email is strictly prohibited. Please consider the environment before printing this email.
