0day: Remote Code Execution on IE 6->11 (included)

Pawda [Memoria]
10 years ago

1

Microsoft has published a vulnerability that is not yet patched.
This allows an attacker to take control of a remote computer by simply adding malicious code into a web page the user would visit.
Windows XP won’t get that patch, so I’ll let you imagine the number of potential victims ~

Precaution: Once and for all, stop using IE. :p

Source:
https://technet.microsoft.com/en-US/library/security/2963983

Mugi [Mugiwara27]
10 years ago

0

Thank you for the share ;)

Hackay
10 years ago

0

I read that yesterday, I was laughing a lot! Finally some people will understand the shit IE is…

Fireshard
10 years ago

0

@Hackay People who use IE won’t understand crap. They’ll just blame it on the malicious hackers, not on the poor security. Some people just don’t see computers as buildings, with doors and windows which, if left open, invite all sorts of insects and robbers, so they don’t care about securing them at all (i.e. closing the doors and windows).

Excellent post, @Memoria! Thanks for sharing!

[IAmDevil]
10 years ago

0

Nice share @Memoria. It would have been so good if they had posted a section:

How to be safe?
Ans: Just don’t use IE. Simple.

Pawda [Memoria]
10 years ago

0

The point is, depending on your version of Windows, you cannot completely uninstall IE.
IE is used by lots of programs without you knowing about it.
What people tend to forget as well is that Windows is used by lots of computer systems like ATMs, and that also means some of them won’t get the corrective patch (cf. in China).
(source: http://au.ibtimes.com/articles/549968/20140429/china-chinese-government-windows-xp-microsoft.htm#.U19xHvmSxMc )

On top of that, companies tend to block installation of software, leaving the users with the default browser => IE.
It is the responsibility of the system & security engineer to upgrade all the workstations, but once again... it’s not that easy.

I suspect Microsoft already knew about this flaw and is making it public only now in order to force the last country to pay for the update.
When we’re talking about hundreds of millions of dollars, we cannot exclude any possibility.

Fireshard
10 years ago

0

Just a little extra, taken off W3Schools:

Image

Hackay
10 years ago | edited 10 years ago

0

That’s true @Fireshard !
Maybe one day they will understand after couple of problems and good friends' advice…

Peter [verath]
10 years ago

0

According to http://www.fireeye.com/blog/uncategorized/2014/04/new-zero-day-exploit-targeting-internet-explorer-versions-9-through-11-identified-in-targeted-attacks.html it also requires the user to have Flash. Not that it makes things much better…

Shame really, IE has been improving a lot lately. IE 11 is actually a really quite decent browser.


2

Memoria very interesting.
I think that Windows XP has been shut reinforced by Microsoft, for this XP become a Hackers-heaven. & why not IE.

Pawda [Memoria]
10 years ago | edited 10 years ago

0

Speaking of Flash, they also had their “zero day” this month, but they were faster than Microsoft to publish a patch:
http://www.tomsguide.com/us/adobe-patch-zero-day-syria,news-18700.html

edit:
What a turnaround from Microsoft, they will actually patch Windows XP!
http://thehackernews.com/2014/05/microsoft-patches-internet-explorer.html
