Internet Explorer

Microsoft has confirmed a bug in Internet Explorer 8, CVE-2013-1347, which exposes user machines to remote code execution. In an advisory, Microsoft says the vulnerability “exists in the way that Internet Explorer [accesses] an object in memory that has been deleted or has not been properly allocated.” That, in turn, opens the door to memory corruption and remote code execution in the current user context. According to this blog post by Eric Roman: “A use-after-free condition occurs when a CGenericElement object is freed, but a reference is kept on the document and used again during rendering, an invalid memory that’s controllable is used, and allows arbitrary code execution under the context of the user.” ...

Internet Explorer 10 is available worldwide in 95 languages for download today. Read more in IE Blog: http://blogs.msdn.com/b/ie/archive/2013/02/26/ie10-for-windows-7-globally-available-for-consumers-and-businesses.aspx Download Links: x86: http://www.microsoft.com/en-us/download/details.aspx?id=36808 x64: http://www.microsoft.com/en-us/download/details.aspx?id=36806 Other (Non-English) Languages: http://windows.microsoft.com/en-us/internet-explorer/downloads/ie-10/worldwide-languages

TheTelegraph: Internet Explorer users might want to consider upgrading or switching to another browser after a massive security hole was discovered in Windows’ native web browser. According to security forum, Rapid7 , Internet Explorer 7, 8 and 9 operating on Windows XP, Vista and Seven contains what is known as a “zero day exploit” which allows attackers to gain access to your personal data while you browse. The forum claimed the exploit would give cyber criminals “the same privileges as the current user”. ...

h-online: Microsoft has confirmed that it will deliver a security update for the bundled version of Flash Player used by Internet Explorer 10 (IE10) sooner than previously planned. In a statement sent to ZDNet, Yunsun Wee, Trustworthy Computing Director at Microsoft, said that the company is working closely with Adobe on an updated version of the Flash plugin which “will be available shortly”. The forthcoming Windows 8 comes with Internet Explorer 10, which, in turn, includes its own version of Flash Player. This arrangement relies on Microsoft’s automatic updates system, Windows Update, for updating the version of Flash included in the web browser. ...

MSDN: The August 2012 Cumulative Security Update for Internet Explorer is now available via Windows Update. This security update resolves four privately reported vulnerabilities in Internet Explorer. The most severe vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. An attacker who successfully exploited any of these vulnerabilities could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights This security update is rated Critical for Internet Explorer 6, Internet Explorer 7, Internet Explorer 8, and Internet Explorer 9 on Windows clients and Moderate for Internet Explorer 6, Internet Explorer 7, Internet Explorer 8, and Internet Explorer 9 on Windows servers For more information, see the full bulletin. ...

The H-Online: Microsoft has released seven security bulletins fixing a total of 27 security holes, 13 of them in Internet Explorer. The rest of the patches affect all currently supported Windows versions, the .NET Framework, Remote Desktop, Lync and Dynamics AX. A patch that had been announced for Visual Basic for Applications has yet to be released. The most important updates are bundled in the cumulative Internet Explorer patch (MS12-037), which includes fixes for the holes that were targeted by Pwn2Own exploits. Microsoft is the last of the companies to close the exposed holes that were targeted during the Pwn2Own competition; Google and Mozilla fixed their browsers in March. According to Michael Kranawetter, Microsoft’s Chief Security Advisor in Germany, the IE patch also affects the Windows 8 Consumer Preview, and therefore Internet Explorer 10. ...

H-Online.com: Following the revelation that Google and other online marketing companies have been bypassing the mechanism for blocking third-party cookies in Safari, the Internet Explorer development team asked themselves whether Google might be doing the same thing in IE. As they detail on IEBlog, they discovered that this was the case – Google circumvents Internet Explorer’s cookie policy by subverting the browser’s P3P-based privacy protection mechanism. P3P stands for Platform for Privacy Preferences Project and is an open W3C standard. It is intended to help both users and programs determine what sites do with personal data. The cookie management system in Internet Explorer blocks third party cookies from sites that do not supply a P3P policy statement telling it how cookies are used. ...

LifeHacker: Chrome 17 is out with a new pre-rendering feature designed to make your pages load faster, and both Firefox and Opera have also released speedy new versions since our last round of speed tests. So, we’ve once again pitted the four most popular web browsers against each other in a battle of startup times, tab loading times, and more, with more surprising results. Continue Reading: http://lifehacker.com/5884941/browser-speed-tests-chrome-17-firefox-10-internet-explorer-9-and-opera-1161 (Hint: As always Chrome is winner, no doubt!) ...

SophosLabs: Microsoft’s Ryan Gavin announced a new strategy to keep the web safe… Keep your Internet Explorer up to date. It is great news for Windows users who don’t appreciate the importance of staying up to date. Microsoft has been struggling with browser stragglers for years. They even ran their own campaign comparing IE 6 to spoiled milk including shameful infopr0n. Old versions of IE leave a considerable number of users vulnerable to old exploits, or in their parlance easy targets. ...

Mashable: Internet Explorer can no longer claim more than half of the web’s traffic, as of October, ending more than a decade of the default Microsoft browser’s reign. Safari’s hold on 62.17% of mobile traffic has reduced IE’s overall share of web browsing, despite still claiming 52.63% of desktop traffic, according to Netmarketshare.com. The Microsoft browser’s diminishing share (49.6%) reflects its near absence from the realms of mobile and tablet, which now make up 6% of web traffic. However, chances are, you gave up on IE long enough ago that this milestone makes you more curious as to who actually still uses the browser. ...