Thanks for looking out Noodle
| Yarr The Pirate! https://w.yarrthepirate.com/phpbb3/ |
|
| Microsoft Security Update MS13-080 https://w.yarrthepirate.com/phpbb3/viewtopic.php?f=84&t=14314 |
Page 1 of 1 |
| Author: | ChickenNoodleSoup [ Fri Oct 25, 2013 10:54 am ] |
| Post subject: | Microsoft Security Update MS13-080 |
Just a friendly reminder for those of you who haven't patched your systems lately to get MS13-080 (released 2 weeks ago) http://technet.microsoft.com/en-us/secu ... n/ms13-080 Addresses 2 major critical vulnerabilities (among others): CVE-2013-3893 CVE-2013-3897 **CVE = common vulnerabilities exposures (essentially ticket number/reference number for vulnerabilities) Readings for CVE-2013-3893 (explains how the exploit works -- please give a read just to get a high level overview of the thought vector/angle): http://nakedsecurity.sophos.com/2013/10 ... ay-part-1/ http://nakedsecurity.sophos.com/2013/10 ... ay-part-2/ Reading for CVE-2013-3897 ** this one targets online banking and online gaming info http://blog.spiderlabs.com/2013/10/anot ... o-day.html http://blog.spiderlabs.com/2013/10/ie-z ... pects.html ** code targets korean/japanese users on XP machines, but can be modified to target any end user TLDR: Vulnerability that allows for remote code execution (RCE) - so please patch your machine if you haven't already Remember, you don't need to actively click a link to download the payload (aka drive by download) to be exposed/compromised (though doing so would makes it much easier for the attackers). You also don't need to actively visit a 'bad' site to be exposed/compromised (though again, this makes it much easier for the bad guys) **e.g visit 'legitimate' websites that have ads where the ad companies don't sanitize code/links (most do -- but some out there don't and allow for any doo-hickery) and the ad silently redirects your browser to a malicious site, which then silent drops the malware payload onto your computer |
|
| Author: | Kluya [ Fri Oct 25, 2013 11:34 am ] |
| Post subject: | Re: Microsoft Security Update MS13-080 |
Thanks for looking out Noodle
|
|
| Author: | Ketrebu [ Fri Oct 25, 2013 12:34 pm ] |
| Post subject: | Re: Microsoft Security Update MS13-080 |
If you already upgraded to Windows 8.1 (and you should have) then the update is actually KB2884101. Mine installed automatically around a week ago. But seriously, keep Windows Update turned on and automatic, you shouldn't have that shit turned off exactly for reasons such as this. |
|
| Author: | Ridere [ Fri Oct 25, 2013 12:38 pm ] |
| Post subject: | Re: Microsoft Security Update MS13-080 |
I have a laptop that I don't have auto-updates on. Twice now the whole thing has bricked at like 15, or 32% or something like that. This results in me needing to wipe everything and reinstall from scratch. Annoying! |
|
| Author: | Auspice [ Fri Oct 25, 2013 2:40 pm ] |
| Post subject: | Re: Microsoft Security Update MS13-080 |
I'm confused, from a quick glance this just relates to IE? |
|
| Author: | ChickenNoodleSoup [ Fri Oct 25, 2013 5:39 pm ] |
| Post subject: | Re: Microsoft Security Update MS13-080 |
Yes, CVE-2013-3893 and CVE-2013-3897 pertains to IE |
|
| Author: | Ketrebu [ Fri Oct 25, 2013 8:25 pm ] |
| Post subject: | Re: Microsoft Security Update MS13-080 |
Though to be honest IE's so ingrained into the system I wouldn't dismiss a big security update just because "Oh but I use Chrome instead". |
|
| Page 1 of 1 | All times are UTC - 5 hours |
| Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group http://www.phpbb.com/ |
|