Always a safe bet. :)
- WJR 🙈🙉🙊 On Mon, Apr 28, 2014 at 4:31 PM, Rod Trent <[email protected]> wrote: > I blame Adobe. > > -----Original Message----- > From: [email protected] [mailto: > [email protected]] On Behalf Of Susan Bradley > Sent: Monday, April 28, 2014 5:15 PM > To: [email protected] > Subject: Re: [NTSysADM] IE exploit > > Hang on, it's not the same exploit. You are confusing two Flash vectors. > > The zero day via Fireeye is CVE-2014-1776 > http://www.fireeye.com/blog/uncategorized/2014/04/new-zero-day-exploit-targeting-internet-explorer-versions-9-through-11-identified-in-targeted-attacks.html > > The Flash patch below is a totally different Flash patch and it's from > Adobe. > http://helpx.adobe.com/security/products/flash-player/apsb14-09.html > It's just via Microsoft becasuse they stuck Flash in their browser and > thus they update it. *CVE number:* CVE-2014-0506, CVE-2014-0507, > CVE-2014-0508, CVE-2014-0509 > > Two totally different issues. > > Microsoft will patch all supported browsers for the weekend zero day when > it's ready. > > The flash patch is just a Flash update. > > On 4/28/2014 2:00 PM, Rod Trent wrote: > > > > BTW: Microsoft has a patch ready for IE10 and IE11 only – for Windows > > 8.x and Windows Server 2012… > > > > http://windowsitpro.com/msrc/flash-fix-ie-10-and-ie-11-only > > > > *From:*[email protected] > > [mailto:[email protected]] *On Behalf Of *David Lum > > *Sent:* Monday, April 28, 2014 4:56 PM > > *To:* [email protected] > > *Subject:* RE: [NTSysADM] IE exploit > > > > Saw this on a forum today: ”We have one agency warning us of an > > exploit, and the other agency trying to use the exploit :)” > > > > FTW! > > > > -Dave Lum > > > > *From:*[email protected] > > <mailto:[email protected]> > > [mailto:[email protected]] *On Behalf Of *Rod Trent > > *Sent:* Monday, April 28, 2014 12:04 PM > > *To:* [email protected] > > <mailto:[email protected]> > > *Subject:* RE: [NTSysADM] IE exploit > > > > It’s not. Adobe has been working on today’s patch since early April, > > working with Kaspersky. The one announced over the weekend as > > identified by FireEye and Microsoft is working on a patch. > > > > *From:*[email protected] > > <mailto:[email protected]> > > [mailto:[email protected]] *On Behalf Of *David Lum > > *Sent:* Monday, April 28, 2014 3:00 PM > > *To:* [email protected] > > <mailto:[email protected]> > > *Subject:* RE: [NTSysADM] IE exploit > > > > Adobe’s patch addresses CVE-2014-0515 > > > > Microsoft’s address CVE-2014-1776 > > > > It’s possible they are linked, since this article does make them seem > > like the same attack vector, but I do not speek enough > > programmer-speak to know for sure: > > > > http://www.securelist.com/en/blog/8212/New_Flash_Player_0_day_CVE_2014 > > _0515_used_in_watering_hole_attacks > > > > -Dave Lum > > > > *From:*[email protected] > > <mailto:[email protected]> > > [mailto:[email protected]] *On Behalf Of *David McSpadden > > *Sent:* Monday, April 28, 2014 10:37 AM > > *To:* '[email protected]' > > *Subject:* RE: [NTSysADM] IE exploit > > > > I thought that is what I read in the MS articles? > > > > VML and Flash were the vector for the exploit? > > > > *From:*[email protected] > > <mailto:[email protected]> > > [mailto:[email protected]] *On Behalf Of *Rod Trent > > *Sent:* Monday, April 28, 2014 1:34 PM > > *To:* [email protected] > > <mailto:[email protected]> > > *Subject:* RE: [NTSysADM] IE exploit > > > > Yes, but that has nothing to do with the exploit reported over the > > weekend. > > > > *From:*[email protected] > > <mailto:[email protected]> > > [mailto:[email protected]] *On Behalf Of *Kennedy, Jim > > *Sent:* Monday, April 28, 2014 1:13 PM > > *To:* [email protected] > > <mailto:[email protected]> > > *Subject:* RE: [NTSysADM] IE exploit > > > > Flash just released an update. > > > > http://helpx.adobe.com/security/products/flash-player/apsb14-13.html > > > > *From:*[email protected] > > <mailto:[email protected]> > > [mailto:[email protected]] *On Behalf Of *Rod Trent > > *Sent:* Monday, April 28, 2014 1:11 PM > > *To:* [email protected] > > <mailto:[email protected]> > > *Subject:* RE: [NTSysADM] IE exploit > > > > It’s all versions of Internet Explorer. However, supported versions > > will be patched. > > > > There are ways to mitigate: > > > > http://windowsitpro.com/windows/all-hands-deck-zero-day-reported-wild- > > affects-ie6-11 > > > > > > *From:*[email protected] > > <mailto:[email protected]> > > [mailto:[email protected]] *On Behalf Of *David McSpadden > > *Sent:* Monday, April 28, 2014 1:05 PM > > *To:* [email protected] > > <mailto:[email protected]> > > *Subject:* RE: [NTSysADM] IE exploit > > > > Is it just XP or am I wrong that the 7’s, 8’s, and Server OS’s also an > > issue the way I am reading it. > > > > Especially if they have Adobe Flash (Not sure of version) and the > > website being visited using VML. > > > > ?? > > > > *From:*[email protected] > > <mailto:[email protected]> > > [mailto:[email protected]] *On Behalf Of *Rod Trent > > *Sent:* Monday, April 28, 2014 12:59 PM > > *To:* [email protected] > > <mailto:[email protected]> > > *Subject:* RE: [NTSysADM] IE exploit > > > > The is the first in a coming list of exploits that Windows XP will be > > vulnerable to forever. > > > > *From:*[email protected] > > <mailto:[email protected]> > > [mailto:[email protected]] *On Behalf Of *Jonathan Link > > *Sent:* Monday, April 28, 2014 12:51 PM > > *To:* [email protected] > > <mailto:[email protected]> > > *Subject:* Re: [NTSysADM] IE exploit > > > > It's really bad if you're still running XP in your environment... > > > > On Mon, Apr 28, 2014 at 12:38 PM, David McSpadden <[email protected] > > <mailto:[email protected]>> wrote: > > > > Any reason for concern? > > > > This e-mail and any files transmitted with it are property of > > Indiana Members Credit Union, are confidential, and are intended > > solely for the use of the individual or entity to whom this e-mail > > is addressed. If you are not one of the named recipient(s) or > > otherwise have reason to believe that you have received this > > message in error, please notify the sender and delete this message > > immediately from your computer. Any other use, retention, > > dissemination, forwarding, printing, or copying of this email is > > strictly prohibited. > > > > Please consider the environment before printing this email. > > > > This e-mail and any files transmitted with it are property of Indiana > > Members Credit Union, are confidential, and are intended solely for > > the use of the individual or entity to whom this e-mail is addressed. > > If you are not one of the named recipient(s) or otherwise have reason > > to believe that you have received this message in error, please notify > > the sender and delete this message immediately from your computer. Any > > other use, retention, dissemination, forwarding, printing, or copying > > of this email is strictly prohibited. > > > > Please consider the environment before printing this email. > > > > This e-mail and any files transmitted with it are property of Indiana > > Members Credit Union, are confidential, and are intended solely for > > the use of the individual or entity to whom this e-mail is addressed. > > If you are not one of the named recipient(s) or otherwise have reason > > to believe that you have received this message in error, please notify > > the sender and delete this message immediately from your computer. Any > > other use, retention, dissemination, forwarding, printing, or copying > > of this email is strictly prohibited. > > > > Please consider the environment before printing this email. > > > > -- > Got your CryptoLocker prevention in place? > http://www.thirdtier.net/2013/10/cryptolocker-prevention-kit-updates/ > Our last day of XP patching. Wave it goodbye. > > > > > > > > >
