Solved: New security exploit for IE 7, 8 and 9!



TOGG
Member with 5,580 posts.
THREAD STARTER
 
Join Date: Apr 2002
Location: Birmingham, England
17-Sep-2012, 01:06 PM #1
Solved: New security exploit for IE 7, 8 and 9!
Details here; http://isc.sans.edu/index.html Probably no need for excessive panic (yet), as these threats can sometimes be seriously exaggerated.

I took the advice to use something other than IE many years ago (back in the days of IE 5.5 and 6 and the 'Love bug' worm and other similar delights)!
__________________
Nothing matters very much, and few things matter at all.

Lord Balfour 1848-1930
dvk01 (Derek)
Moderator & Malware Removal Specialist with 42,933 posts.
 
Join Date: Dec 2002
Location: Loughton, Essex, UK
18-Sep-2012, 10:42 AM #2
http://thespykiller.co.uk/blog/0-day...rnet-explorer/

This is serious and can potentially enable your computer to be completely taken over.

Following the suggested advice to install & configure EMET will protect you against this & just about all other possible exploits.
Phantom010
Trusted Advisor with 30,444 posts.
 
Join Date: Mar 2009
Location: Cyberspace
Experience: Advanced
18-Sep-2012, 10:54 AM #3
Will EMET work well with Java to prevent Java Exploits?
dvk01 (Derek)
Moderator & Malware Removal Specialist with 42,933 posts.
 
Join Date: Dec 2002
Location: Loughton, Essex, UK
18-Sep-2012, 11:15 AM #4
I am not certain on that. You can add Java to EMET so any exploits in the Java program itself will be protected against, BUT as the Java exploits tend to attack IE & other browsers, adding all browsers to EMET is a more certain way.
I also add ALL Office programs to EMET.

The normal method of using plugins like Java & Flash to attack IE/FF or Chrome should be blocked by adding the browsers to EMET.
That doesn't mean that you don't need to update the plugins. You DO.

Many of the exploits using the plugins are because the plugins are allowed or designed to perform certain tasks, and updates generally block or remove the code that has allowed those functions to run that weren't envisaged or intended when Java or Flash was made.
__________________
Derek Microsoft MVP/Windows - Security | Thespykiller
Find out all about the European Wild Hedgehog, what you can do to save it from extinction Hedgehog Rescue
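An added example, not part of the thread or of Microsoft's documentation: one way to script the advice in post #4 by registering browsers and Office programs with EMET through its command-line tool `EMET_Conf.exe`. The install location of EMET and the application paths are assumptions (typical defaults for Windows of that period, Office14 being Office 2010) and must be adjusted to the machine.

```powershell
# Added example: add browsers and Office programs to EMET's application list.
# Run from an elevated PowerShell prompt.
# ASSUMPTIONS: EMET lives in "<Program Files>\EMET" and the applications are in
# their default folders. Edit both lists to match the actual system.

# Program Files roots present on this machine (32-bit and 64-bit Windows)
$roots = @($env:ProgramFiles, ${env:ProgramFiles(x86)}) |
    Where-Object { $_ } | Select-Object -Unique

# Locate EMET_Conf.exe under one of the roots
$emetConf = $roots |
    ForEach-Object { Join-Path $_ 'EMET\EMET_Conf.exe' } |
    Where-Object { Test-Path $_ } |
    Select-Object -First 1
if (-not $emetConf) {
    throw 'EMET_Conf.exe not found; set $emetConf to its full path.'
}

# Constructed list of executables, relative to a Program Files root
$apps = @(
    'Internet Explorer\iexplore.exe',
    'Mozilla Firefox\firefox.exe',
    'Google\Chrome\Application\chrome.exe',
    'Microsoft Office\Office14\WINWORD.EXE',
    'Microsoft Office\Office14\EXCEL.EXE',
    'Microsoft Office\Office14\POWERPNT.EXE',
    'Microsoft Office\Office14\OUTLOOK.EXE'
)

foreach ($root in $roots) {
    foreach ($app in $apps) {
        $exe = Join-Path $root $app
        if (-not (Test-Path $exe)) { continue }   # skip programs that are not installed

        # Register the executable with EMET
        & $emetConf --set $exe
        if ($LASTEXITCODE -ne 0) {
            Write-Warning "EMET_Conf reported a problem for $exe (exit code $LASTEXITCODE)"
        } else {
            Write-Output "Added to EMET: $exe"
        }
    }
}

# Show the resulting application configuration for review
& $emetConf --list
```

Restart each application afterwards so the new settings apply to it, and test daily-use programs one at a time so a crash caused by a mitigation is easy to trace.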
Phantom010
Trusted Advisor with 30,444 posts.
 
Join Date: Mar 2009
Location: Cyberspace
Experience: Advanced
18-Sep-2012, 11:39 AM #5
OK, thanks!
dvk01 (Derek)
Moderator & Malware Removal Specialist with 42,933 posts.
 
Join Date: Dec 2002
Location: Loughton, Essex, UK
18-Sep-2012, 01:35 PM #6
I am led to believe that this particular exploit requires Java on Vista & W7 but not on XP,
so one good workaround on Vista/W7 is to uninstall Java unless you have an absolute need for it to be installed.

Unfortunately, if you are using XP then at this time the best workaround is NOT to use IE but to use Chrome or Firefox. However, it has not been confirmed but is widely believed that a similar exploit that works on other browsers is in the pipeline, if it hasn't already been released.
Phantom010
Trusted Advisor with 30,444 posts.
 
Join Date: Mar 2009
Location: Cyberspace
Experience: Advanced
18-Sep-2012, 01:59 PM #7
Does the EMET_Notifier need to auto load with Windows and sit in the systray, since it's only a notifier? Is the feature absolutely necessary?

Last edited by Phantom010; 18-Sep-2012 at 02:05 PM..
dvk01 (Derek)
Moderator & Malware Removal Specialist with 42,933 posts.
 
Join Date: Dec 2002
Location: Loughton, Essex, UK
18-Sep-2012, 02:18 PM #8
I believe so, but I will ask.
dvk01 (Derek)
Moderator & Malware Removal Specialist with 42,933 posts.
 
Join Date: Dec 2002
Location: Loughton, Essex, UK
18-Sep-2012, 02:43 PM #9
Yes, it does need to be running, at least to alert you that EMET has done something to protect you, like stopping an exploit.
http://social.technet.microsoft.com/...8-049c61ff4928
Phantom010
Trusted Advisor with 30,444 posts.
 
Join Date: Mar 2009
Location: Cyberspace
Experience: Advanced
18-Sep-2012, 03:04 PM #10
It needs to be there if you wish to see the alerts, but removing EMET_Notifier is not going to prevent the program from blocking exploits, right?
dvk01 (Derek)
Moderator & Malware Removal Specialist with 42,933 posts.
 
Join Date: Dec 2002
Location: Loughton, Essex, UK
18-Sep-2012, 03:13 PM #11
I don't believe so, but stopping the notifier also stops the logging, so you have no way of knowing what it stopped or whether it was a genuine attack or exploit or whether it just stopped a legitimate program from running.

Obviously it is your choice, but I would keep it running for my peace of mind.
Unfortunately all tools like EMET work on behaviour, so there will be some false alarms & it will almost certainly stop legitimate processes at some time. I have seen several comments that Skype can get blocked and fail to open when EMET is enabled for it (on some computers).
That is the reason for the notifier alerting that it has done something; otherwise you forget it might be responsible & curse and swear when a program crashes and start all sorts of troubleshooting.
Phantom010
Trusted Advisor with 30,444 posts.
 
Join Date: Mar 2009
Location: Cyberspace
Experience: Advanced
18-Sep-2012, 03:35 PM #12
Good point, thanks!
Phantom010
Trusted Advisor with 30,444 posts.
 
Join Date: Mar 2009
Location: Cyberspace
Experience: Advanced
19-Sep-2012, 08:59 AM #13
Getting a few too many false positives while running IE8. DEP prompts while using TSG! They crash IE8. Maybe that's why I had never heard of EMET before...

Last edited by Phantom010; 19-Sep-2012 at 09:08 AM..
dvk01 (Derek)
Moderator & Malware Removal Specialist with 42,933 posts.
 
Join Date: Dec 2002
Location: Loughton, Essex, UK
19-Sep-2012, 11:59 AM #14
Latest news from Microsoft:
Quote:
We will release a Fix it in the next few days to address an issue in Internet Explorer, as outlined in the Security Advisory 2757760 that we released yesterday.

While we have only seen a few attempts to exploit the issue, impacting an extremely limited number of people, we are taking this proactive step to help ensure Internet Explorer customers are protected and able to safely browse online.


The Fix it is an easy-to-use, one-click, full-strength solution any Internet Explorer user can install. It will not affect your ability to browse the Web, and it will provide full protection against this issue until an update is available. It won’t require a reboot of your computer.


This Fix it will be available for everyone to download and install within the next few days. Until then, we encourage folks to review the advisory and follow the other mitigations listed there.
http://blogs.technet.com/b/msrc/arch...edirected=true
hewee
Member with 54,345 posts.
 
Join Date: Oct 2001
Location: *Random People Pleaser***Sacra
20-Sep-2012, 01:03 AM #15
Quote:
Originally Posted by TOGG View Post
Details here; http://isc.sans.edu/index.html Probably no need for excessive panic (yet), as these threats can sometimes be seriously exaggerated.

I took the advice to use something other than IE many years ago (back in the days of IE 5.5 and 6 and the 'Love bug' worm and other similar delights)!
I never even had IE installed back then and used Netscape, and when IE took over I saw all the new people with IE and then all the people posting for help, and most were using IE.

I open IE with very high settings, as high as I can go, and get MS updates.

http://technet.microsoft.com/en-us/s...letin/ms12-sep

Quote:
Microsoft Security Bulletin out of band Advance Notification

This is an advance notification for one out-of-band security bulletin that Microsoft is intending to release on September 21, 2012. The bulletin addresses security vulnerabilities in Internet Explorer.
__________________
Donating to TSG helps to keep the site going so please do your part and help.
Keep Your Security Software Current at Calendar of Updates
"Work like you don't need the money. Love like you've never been hurt. Dance like nobody's watching."