Page 1 of 2 12 LastLast
Results 1 to 15 of 25
  1. #1
    5 Star Lounger
    Join Date
    Jan 2011
    Location
    Seattle, WA
    Posts
    1,070
    Thanks
    42
    Thanked 132 Times in 86 Posts

    The fuss about a new lE zero-day vulnerability




    PATCH WATCH

    The fuss about a new lE zero-day vulnerability


    By Susan Bradley

    A newly revealed lnternet Explorer flaw received an extraordinary amount of news coverage. The vulnerability was widely reported, mostly because the U.S. Department of Homeland Security's Computer Emergency Readiness team had issued an alert.

    The full text of this column is posted at windowssecrets.com/patch-watch/the-fuss-about-a-new-ie-zero-day-vulnerability/ (opens in a new window/tab).

    Columnists typically cannot reply to comments here, but do incorporate the best tips into future columns.

  2. #2
    New Lounger
    Join Date
    Dec 2009
    Location
    NJ USA
    Posts
    9
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Good info but I have a question about vgx.dll. The recommendation is to disable it via the registry but I wonder if we could just delete it instead?

  3. #3
    New Lounger
    Join Date
    Dec 2009
    Location
    Montréal, Quebec, Canada
    Posts
    1
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Hello,
    I followed the instructions, got the message and added the vmlmaker.com site to IE's Compatibility View List. Now, I get an office layout instead of a blank page. Is this normal?
    Thanks!

  4. #4
    3 Star Lounger
    Join Date
    Dec 2009
    Location
    Courtenay, BC
    Posts
    244
    Thanks
    9
    Thanked 16 Times in 15 Posts
    Ernie- if you delete a system DLL, it will get restored the next time you do a repair or other Windows maintenance routine.
    Not a good practice to delete Windows components anyway.

  5. #5
    3 Star Lounger
    Join Date
    Dec 2009
    Location
    Courtenay, BC
    Posts
    244
    Thanks
    9
    Thanked 16 Times in 15 Posts
    Susan -
    I hope you're planning to cover the broader Heartbleed issue - in hardware. HP My Cloud and a number of hardware firewalls and routers use the broken version of OpenSSL. They'll need to be updated manually or replaced. Linksys is fine but some Cisco devices are not.
    http://www.wired.com/2014/04/heartbleed_embedded/

  6. The Following User Says Thank You to DavidFB For This Useful Post:

    BruceR (2014-05-01)

  7. #6
    3 Star Lounger
    Join Date
    Dec 2009
    Location
    Fresno, California, USA
    Posts
    259
    Thanks
    0
    Thanked 71 Times in 45 Posts
    Yes to David will do. Good topic.
    As far as this dll, Microsoft released an out of band (out of cycle) IE update so I'll urge you to do that instead.

  8. #7
    3 Star Lounger
    Join Date
    Dec 2009
    Location
    Fresno, California, USA
    Posts
    259
    Thanks
    0
    Thanked 71 Times in 45 Posts
    HP mycloud or WDMycloud? I think you mean WD?

  9. #8
    3 Star Lounger
    Join Date
    Dec 2009
    Location
    Fresno, California, USA
    Posts
    259
    Thanks
    0
    Thanked 71 Times in 45 Posts
    [GUIDE] Patch the Heartbleed OPENSSL vulnerability - WD Community:
    http://community.wd.com/t5/WD-My-Clo...ty/td-p/718234

    And they just released an update for WD.

  10. The Following User Says Thank You to SusanBradley For This Useful Post:

    PhotM (2014-05-05)

  11. #9
    Lounger
    Join Date
    Apr 2011
    Posts
    41
    Thanks
    2
    Thanked 3 Times in 3 Posts
    When I check Windows Update this afternoon, auto update installed KB 2964358 for IE 11 for Windows 7 for x64-based systems. Does this mean that the vulnerability is patched? Thanks.

  12. #10
    New Lounger
    Join Date
    Jan 2010
    Location
    Tomball, Texas
    Posts
    20
    Thanks
    0
    Thanked 2 Times in 1 Post
    Win7 32 bit, IE10: I do not get a blank page -- just the VMLMaker page.

    Win7 64 bit, IE11: I get the page with the "A VML capable ..." message but can not add VMLMaker.com to the compatibility table (it disappears after adding or restarting IE).

    In both cases the regsvr32 -u command returned a "success" panel.

  13. #11
    Super Moderator
    Join Date
    Jun 2011
    Location
    New England
    Posts
    4,756
    Thanks
    171
    Thanked 653 Times in 576 Posts
    Quote Originally Posted by MarciaG View Post
    When I check Windows Update this afternoon, auto update installed KB 2964358 for IE 11 for Windows 7 for x64-based systems. Does this mean that the vulnerability is patched? Thanks.
    Yes: Security Update for Internet Explorer

  14. #12
    New Lounger
    Join Date
    Dec 2009
    Location
    Southfield, Michigan
    Posts
    12
    Thanks
    0
    Thanked 2 Times in 2 Posts
    As Susan suggests in her column, the threat from this bug was overblown by the mainstream media, to begin with. But I told anyone who asked that I believed Microsoft would issue a patch for XP users in this case, and for several different reasons:

    1. Microsoft once upon a time (remember?) tried to claim that IE was an integral part of the OS. They failed to make their case. If you still have an XP machine, click Control Panel>Set Program Access and Defaults; there you will be able to discard IE as your "default" browser. They were required to add that capability and did so in one of the XP Service Packs. All later editions of Windows have similar settings (in WIN 7 it's called "Default Settings.") Therefore, a bug in IE is technically not (very possibly as a matter of case law) an operating system flaw, but rather an application flaw. That gives Microsoft an opening to patch the flaw without actually circumventing the end of their support for WIN XP. Furthermore, just because ongoing support has ended, that does not mean Microsoft--out of the goodness of their hearts--cannot issue future XP patches on an ad hoc basis if they deem it in their own best interests.

    2. The latest version of IE for WIN XP was 8. IE8 was also included with WIN 7 very early on. So how could they claim they are issuing a patch for IE8 for WIN 7 users, but not for WIN XP users? Think about that for a minute, especially in light of the first point raised above. Is it an application or not? Do they want to litigate that issue again?

    3. Can you imagine how many lawyers and politicians there are out there who would love to turn this IE bug into another media circus like the one that befell the morons at General Motors with regard to their crappy ignition switches? Especially coming not even a month after ongoing support for WIN XP ended, with 100s of millions of computer users still working with XP machines! (Confession: I still use an old XP-based Dell desktop to print snapshots. My old HP scanner and printer do not have 64-bit drivers, so I cannot attach them to my newer machines. They still work fine for limited use.)

    Conspiracy theorists are already claiming that Microsoft managed to squelch publicity about this bug until after support ended so they could frighten people even more so into upgrading or buying new hardware. How would you like to be a Softie on a witness stand trying to explain why you are so stupid as to have failed to catch this bug earlier? Can you imagine Ford or Chrysler getting away with announcing that they will not allow any of their models built before 2002 to be fixed and that their owners should get rid of them?

    I cannot predict what will happen when the next zero-day IE bug is discovered, but it was very obvious to me that the odds favored a patch for older IE versions in this instance.

  15. #13
    2 Star Lounger
    Join Date
    Jul 2011
    Location
    Colorado
    Posts
    129
    Thanks
    30
    Thanked 10 Times in 10 Posts
    I am a little confused which is not surprising. I went to the Microsoft download center and searched for KB2929437 and the offers are patches for Internet Explorer 11. I am running Internet Explorer 8, so should I still install KB2929437? (Prior to KB2964358 that is)

    http://www.microsoft.com/en-us/searc...s=AllDownloads



    I also searched for KB2964444 and the same thing; all for Internet Explorer 11.

    http://www.microsoft.com/en-us/searc...px?q=kb2964444


    So I am confused since I am an Internet Explorer 8 user on a Windows 7 64-bit machine that these patches say Internet Explorer 11.
    "Every Thing Changes but Change Itself"

    [Core I7 6700][Asus Maximus VIII Hero][8GB G.Skill memory][Asus GTX 980Ti Strix][1 x 512GB Samsung 950 Pro][850W Seasonic PSU][Antec 900][Windows 10 Professional, 64-bit][2 x Asus PG278Q]

    [Core I5 2500k][Asus P8P67 Pro (ver 3.1)][8GB Corsair memory][Asus ENGT430][1 x 90GB Corsair GT SSD][650W Corsair PSU][Thermaltake DH-202][Windows 7 Home, 64-bit][65" Panasonic Plasma T.V.]

  16. #14
    Super Moderator
    Join Date
    Jun 2011
    Location
    New England
    Posts
    4,756
    Thanks
    171
    Thanked 653 Times in 576 Posts
    Quote Originally Posted by swatbat2142 View Post
    I am a little confused which is not surprising. I went to the Microsoft download center and searched for KB2929437 and the offers are patches for Internet Explorer 11. I am running Internet Explorer 8, so should I still install KB2929437? (Prior to KB2964358 that is)

    http://www.microsoft.com/en-us/searc...s=AllDownloads
    No.


    Quote Originally Posted by swatbat2142 View Post
    I also searched for KB2964444 and the same thing; all for Internet Explorer 11.

    http://www.microsoft.com/en-us/searc...px?q=kb2964444


    So I am confused since I am an Internet Explorer 8 user on a Windows 7 64-bit machine that these patches say Internet Explorer 11.
    The link in post #11 leads to patch downloads for all IE versions.

    You only need Security Update for Internet Explorer 8 in Windows 7 x64 Edition (KB2964358)


    Bruce

  17. #15
    2 Star Lounger
    Join Date
    Jul 2011
    Location
    Colorado
    Posts
    129
    Thanks
    30
    Thanked 10 Times in 10 Posts
    OK, I just got confused as well from Microsoft which says this under the "More Information" section

    http://support.microsoft.com/kb/2964358

    I checked my system and I do not have KB2929437 installed so when I read this I was wondering.
    Last edited by swatbat2142; 2014-05-02 at 10:13. Reason: Additional information
    "Every Thing Changes but Change Itself"

    [Core I7 6700][Asus Maximus VIII Hero][8GB G.Skill memory][Asus GTX 980Ti Strix][1 x 512GB Samsung 950 Pro][850W Seasonic PSU][Antec 900][Windows 10 Professional, 64-bit][2 x Asus PG278Q]

    [Core I5 2500k][Asus P8P67 Pro (ver 3.1)][8GB Corsair memory][Asus ENGT430][1 x 90GB Corsair GT SSD][650W Corsair PSU][Thermaltake DH-202][Windows 7 Home, 64-bit][65" Panasonic Plasma T.V.]

Page 1 of 2 12 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •