Internet Explorer Zero day goes global

[JerryMungo]

https://community.spiceworks.com/to...rget-hospital-iot-and-ie-zero-day-goes-global

ZDNet reports that a "well resourced hacking group" is exploiting a previously unknown bug in Internet Explorer to infect PCs with malware. The attack was discovered by researchers at Qihoo 360, who say that the group is exploiting the flaw on a "global scale."

"Victims are required to open the Office document, which launches a malicious webpage in the background to deliver malware from a remote server," ZDNet writes.

"According to the firm, the vulnerability affects the latest versions of IE and other applications that use the browser."

Microsoft offered little in the way of insight in a response to ZDNet, recommending "customers use Windows 10 and Microsoft Edge browser for the best protection."

 

[kianm]

"Use Windows 10 and Edge...." Lol what an answer

I'm sure the latest version of IE is still within it's support period, but they figured the best is to ask everyone to "upgrade"

 

[sajunky]

Solution is to have macros disabled in the Office viewer application.
Which I do for years, BTW.

 

[ToxicBunny]

Solution is to have macros disabled in the Office viewer application.
Which I do for years, BTW.

You should have published your findings years ago... by not doing so I think you have opened yourself up to civil liability claims from all the victims... you knowingly withheld information that would have prevented this atrocious hacking

 

[JerryMungo]

^^Actually MS did that ages ago. Macros are disabled by default unless you implicitly enable them. These are the guys it's targeted at. People still use VBA.

 

[ToxicBunny]

^^Actually MS did that ages ago. Macros are disabled by default unless you implicitly enable them. These are the guys it's targeted at. People still use VBA.

See but sajunky knew this so he has to shoulder some civil liability for this mess...