 Post subject: Microsoft Security Update MS13-080
PostPosted: Fri Oct 25, 2013 10:54 am 
Decent Challenge

Joined: Mon Jun 07, 2004 10:02 pm
Posts: 416
Just a friendly reminder for those of you who haven't patched your systems lately to get MS13-080 (released 2 weeks ago)
http://technet.microsoft.com/en-us/secu ... n/ms13-080

Addresses 2 major critical vulnerabilities (among others):
CVE-2013-3893
CVE-2013-3897

**CVE = Common Vulnerabilities and Exposures (essentially a ticket number/reference number for vulnerabilities)

Readings for CVE-2013-3893 (explains how the exploit works -- please give a read just to get a high level overview of the thought vector/angle):
http://nakedsecurity.sophos.com/2013/10 ... ay-part-1/
http://nakedsecurity.sophos.com/2013/10 ... ay-part-2/

Reading for CVE-2013-3897:
** this one targets online banking and online gaming info
http://blog.spiderlabs.com/2013/10/anot ... o-day.html
http://blog.spiderlabs.com/2013/10/ie-z ... pects.html
** code targets Korean/Japanese users on XP machines, but can be modified to target any end user


TLDR:
Vulnerability that allows for remote code execution (RCE) - so please patch your machine if you haven't already

Remember, you don't need to actively click a link to download the payload (aka drive-by download) to be exposed/compromised (though doing so would make it much easier for the attackers).
You also don't need to actively visit a 'bad' site to be exposed/compromised (though again, this makes it much easier for the bad guys).
**e.g. visit 'legitimate' websites that have ads where the ad companies don't sanitize code/links (most do -- but some out there don't and allow for any doo-hickery) and the ad silently redirects your browser to a malicious site, which then silently drops the malware payload onto your computer

 Post subject: Re: Microsoft Security Update MS13-080
PostPosted: Fri Oct 25, 2013 11:34 am 
Posts way too much

Joined: Thu Dec 30, 2004 10:30 pm
Posts: 4174
Location: Arizona
Thanks for looking out Noodle :)

 Post subject: Re: Microsoft Security Update MS13-080
PostPosted: Fri Oct 25, 2013 12:34 pm 
Crumpet

Joined: Thu Jul 01, 2004 5:57 am
Posts: 5363
Location: England
If you already upgraded to Windows 8.1 (and you should have) then the update is actually KB2884101. Mine installed automatically around a week ago.

But seriously, keep Windows Update turned on and automatic, you shouldn't have that shit turned off exactly for reasons such as this.


 Post subject: Re: Microsoft Security Update MS13-080
PostPosted: Fri Oct 25, 2013 12:38 pm 
Posts way too much

Joined: Fri May 21, 2004 1:07 am
Posts: 4142
Location: Oregon
I have a laptop that I don't have auto-updates on. Twice now the whole thing has bricked at like 15, or 32% or something like that. This results in me needing to wipe everything and reinstall from scratch. Annoying!

 Post subject: Re: Microsoft Security Update MS13-080
PostPosted: Fri Oct 25, 2013 2:40 pm 
Easy Prey

Joined: Wed Sep 04, 2013 11:17 am
Posts: 234
I'm confused, from a quick glance this just relates to IE?


 Post subject: Re: Microsoft Security Update MS13-080
PostPosted: Fri Oct 25, 2013 5:39 pm 
Decent Challenge

Joined: Mon Jun 07, 2004 10:02 pm
Posts: 416
Yes, CVE-2013-3893 and CVE-2013-3897 pertain to IE.

 Post subject: Re: Microsoft Security Update MS13-080
PostPosted: Fri Oct 25, 2013 8:25 pm 
Crumpet

Joined: Thu Jul 01, 2004 5:57 am
Posts: 5363
Location: England
Though to be honest IE's so ingrained into the system I wouldn't dismiss a big security update just because "Oh but I use Chrome instead".

