BTW: Microsoft has a patch ready for IE10 and IE11 only – for Windows
8.x and Windows Server 2012…
http://windowsitpro.com/msrc/flash-fix-ie-10-and-ie-11-only
*From:*[email protected]
[mailto:[email protected]] *On Behalf Of *David Lum
*Sent:* Monday, April 28, 2014 4:56 PM
*To:* [email protected]
*Subject:* RE: [NTSysADM] IE exploit
Saw this on a forum today: ”We have one agency warning us of an
exploit, and the other agency trying to use the exploit :)”
FTW!
-Dave Lum
*From:*[email protected]
<mailto:[email protected]>
[mailto:[email protected]] *On Behalf Of *Rod Trent
*Sent:* Monday, April 28, 2014 12:04 PM
*To:* [email protected]
<mailto:[email protected]>
*Subject:* RE: [NTSysADM] IE exploit
It’s not. Adobe has been working on today’s patch since early April,
working with Kaspersky. The one announced over the weekend as
identified by FireEye and Microsoft is working on a patch.
*From:*[email protected]
<mailto:[email protected]>
[mailto:[email protected]] *On Behalf Of *David Lum
*Sent:* Monday, April 28, 2014 3:00 PM
*To:* [email protected]
<mailto:[email protected]>
*Subject:* RE: [NTSysADM] IE exploit
Adobe’s patch addresses CVE-2014-0515
Microsoft’s address CVE-2014-1776
It’s possible they are linked, since this article does make them seem
like the same attack vector, but I do not speek enough
programmer-speak to know for sure:
http://www.securelist.com/en/blog/8212/New_Flash_Player_0_day_CVE_2014
_0515_used_in_watering_hole_attacks
-Dave Lum
*From:*[email protected]
<mailto:[email protected]>
[mailto:[email protected]] *On Behalf Of *David McSpadden
*Sent:* Monday, April 28, 2014 10:37 AM
*To:* '[email protected]'
*Subject:* RE: [NTSysADM] IE exploit
I thought that is what I read in the MS articles?
VML and Flash were the vector for the exploit?
*From:*[email protected]
<mailto:[email protected]>
[mailto:[email protected]] *On Behalf Of *Rod Trent
*Sent:* Monday, April 28, 2014 1:34 PM
*To:* [email protected]
<mailto:[email protected]>
*Subject:* RE: [NTSysADM] IE exploit
Yes, but that has nothing to do with the exploit reported over the
weekend.
*From:*[email protected]
<mailto:[email protected]>
[mailto:[email protected]] *On Behalf Of *Kennedy, Jim
*Sent:* Monday, April 28, 2014 1:13 PM
*To:* [email protected]
<mailto:[email protected]>
*Subject:* RE: [NTSysADM] IE exploit
Flash just released an update.
http://helpx.adobe.com/security/products/flash-player/apsb14-13.html
*From:*[email protected]
<mailto:[email protected]>
[mailto:[email protected]] *On Behalf Of *Rod Trent
*Sent:* Monday, April 28, 2014 1:11 PM
*To:* [email protected]
<mailto:[email protected]>
*Subject:* RE: [NTSysADM] IE exploit
It’s all versions of Internet Explorer. However, supported versions
will be patched.
There are ways to mitigate:
http://windowsitpro.com/windows/all-hands-deck-zero-day-reported-wild-
affects-ie6-11
*From:*[email protected]
<mailto:[email protected]>
[mailto:[email protected]] *On Behalf Of *David McSpadden
*Sent:* Monday, April 28, 2014 1:05 PM
*To:* [email protected]
<mailto:[email protected]>
*Subject:* RE: [NTSysADM] IE exploit
Is it just XP or am I wrong that the 7’s, 8’s, and Server OS’s also an
issue the way I am reading it.
Especially if they have Adobe Flash (Not sure of version) and the
website being visited using VML.
??
*From:*[email protected]
<mailto:[email protected]>
[mailto:[email protected]] *On Behalf Of *Rod Trent
*Sent:* Monday, April 28, 2014 12:59 PM
*To:* [email protected]
<mailto:[email protected]>
*Subject:* RE: [NTSysADM] IE exploit
The is the first in a coming list of exploits that Windows XP will be
vulnerable to forever.
*From:*[email protected]
<mailto:[email protected]>
[mailto:[email protected]] *On Behalf Of *Jonathan Link
*Sent:* Monday, April 28, 2014 12:51 PM
*To:* [email protected]
<mailto:[email protected]>
*Subject:* Re: [NTSysADM] IE exploit
It's really bad if you're still running XP in your environment...
On Mon, Apr 28, 2014 at 12:38 PM, David McSpadden <[email protected]
<mailto:[email protected]>> wrote:
Any reason for concern?
This e-mail and any files transmitted with it are property of
Indiana Members Credit Union, are confidential, and are intended
solely for the use of the individual or entity to whom this e-mail
is addressed. If you are not one of the named recipient(s) or
otherwise have reason to believe that you have received this
message in error, please notify the sender and delete this message
immediately from your computer. Any other use, retention,
dissemination, forwarding, printing, or copying of this email is
strictly prohibited.
Please consider the environment before printing this email.
This e-mail and any files transmitted with it are property of Indiana
Members Credit Union, are confidential, and are intended solely for
the use of the individual or entity to whom this e-mail is addressed.
If you are not one of the named recipient(s) or otherwise have reason
to believe that you have received this message in error, please notify
the sender and delete this message immediately from your computer. Any
other use, retention, dissemination, forwarding, printing, or copying
of this email is strictly prohibited.
Please consider the environment before printing this email.
This e-mail and any files transmitted with it are property of Indiana
Members Credit Union, are confidential, and are intended solely for
the use of the individual or entity to whom this e-mail is addressed.
If you are not one of the named recipient(s) or otherwise have reason
to believe that you have received this message in error, please notify
the sender and delete this message immediately from your computer. Any
other use, retention, dissemination, forwarding, printing, or copying
of this email is strictly prohibited.
Please consider the environment before printing this email.
