Reply
Tue 11 Jan, 2005 12:26 am
A serious exploit for Internet Explorer is in the wild. It's the worst I have seen. I have heard that a patch is coming on Wednesday at the latest.
Regardless of what browser you use (and if you have a windows box you have IE, whether you think so or not) run windows updates on Wednesday (or earlier).
Changing your IE security settings for the Internet Zone to high or disabling Active X will foil the exploit until you can patch.
As a side note some relatively serious (less so than the above) Mozilla and Firefox exploits were released recently so patch your software people.
Re: Update IE on Wednesday - Critical
So I guess I'm up a creek cause I didn't do SP2 yet, just a little nervous about that.
just noticed quick reply does not work well with security on high
This exploit affects post-sp2 computers. But sp2 fixes a lot of things that are as important if not more.
With security on high lots of functionality is reduced, this is usually the exchange you get for security.
If you just disable active x you can protect against this exploit with much less reduction of functionality.
Thank you for the warning.
I'll go kiss active-X goodbye tonight.
Is this -ALERT- Color-coded?
(Is it a "Level Orange" or a "Level Red"?)
In any coding system it should be critical/red whatnot. It's one of the most dangerous I have seen.
The patch is already out. Run windows updates.
I ran updates, but only SP2 was advertised. I'm not really ready for SP2 here. How do I just turn off ActiveX?
how do i start windows updates?
seed wrote:how do i start windows updates?
Go here:
http://windowsupdate.microsoft.com
cjhsa wrote:How do I just turn off ActiveX?
Tools >> Internet Options >> Security tab >> (make sure the Internet zone is selected) >> Custom Level button >> set "ActiveX controls and plug-ins > Run ActiveX controls and plug-ins" to "Disable".
That's usually not a good idea though, as e.g. Macromedia Flash & Adobe Reader run in IE as ActiveX plug-ins & the Windows Update website requires ActiveX controls.
does everyone need to turn off active x? what is going on? i really didnt understand the first post.. can i get a dumbed down version?
Well, I followed the link above and found three critical updates, one created today, so I downloaded and installed those, but not SP2.
Seed wrote:does everyone need to turn off active x? what is going on? i really didnt understand the first post.. can i get a dumbed down version?
Go here:
http://windowsupdate.microsoft.com (
) ...& install all critical updates listed.
Odd because if I double click on the Windows Update icon in the tray, it only shows SP2 as needing to be installed. The three critical updates went in just fine without SP2, but it did take a long time to reboot - slow going down with lots of disk activity.
So, am I good to go?
Any news on what it DOES?
I am starting to expect to be disembowelled by rabid pixels as soon as I turn my home computer on when I get home!!
Or have things waiting for me - like that murderous little fetish doll that Karen Black unleashed.......
this is all its telling me to update: Microsoft .NET Framework 1.1 Service Pack 1