Microsoft Internet Explorer Zero Day Bug: key events

May 3, 2014 by Leave a Comment

Here is the timeline of the now fixed Microsoft Zero Day Bug:

ie bug

Copyright: bubblenews

April 9, 2014: Microsoft stops supporting Windows XP.

 April 26, 2014: Microsoft announces the bug, originally discovered by FireEye

 April 28, 2014: The U.S. government issued an advisory warning people not to use Microsoft’s browser.

April 30: 2014: Microsoft offers advisory to deal with the zero day bug.

May 02, 2014: Microsoft fixes the bug: It is believed that the CEO of Microsoft was involved in the decision making. This makes this bug extremely high profile and propels the importance of security to another level.

What was the bug about: A zero-day bug or attack takes advantage of a security vulnerability on the same day that the vulnerability becomes publicly known. There are “zero days” between the time the vulnerability is discovered and the first attack. This is one of the biggest zero day bug ever. According to Microsoft, the bug “may corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user within Internet Explorer.” Simply put, if the user is using particular versions of Windows XP and IE (versions 6 to 11) , attackers could lure the user to a malicious websites then run any code on the system, possibly taking complete control. The impact was huge as about a fourth of Windows users use the versions involved.

What it now means to XP and IE users: Most users need to do nothing as the fix will be downloaded automatically, next time they connect to the internet. But those who have disabled automatic updates need to apply the update manually.

Broader impact:  Earlier, Mashable’s Lance Ulanoff called on Microsoft CEO Satya Nadella to reverse course with “One Last Patch” for Windows XP. Such a move would make Nadella “the temporary hero of millions of hapless Windows XP users,” and if presented in the right way, would underscore the security risks associated with remaining on Windows XP, Ulanoff said. By those standards Nadella has rescued 25% of the world! However this goes on to show that a critical security issue can put a major corporation under pressure to work on patches an products which it had decided not to support.

 

References:
1. Time: Microsoft Fixes Internet Explorer Security Bug

2. venturebeat.com: U.S. government urges caution after Microsoft reveals dangerous Internet Explorer bug

Beginners guide to terms used:
Zero Day Attack

 

Twitt
Filed Under: Security News, Web Security

SecurityDen.com is launched

April 20, 2014 by 2 Comments
securityden.com

securityden.com

Computer security is one of the fastest growing fields within Computer Science. Within the last two years the frequency and scale of corporate data breaches have grown manifold. Security is the number one concern in enterprise movement to the cloud. There is no dearth of security magazines journals and blogs. Yet very few focus on simplifying the complex issues of security in a simple language.

securityden.com is being launched with the mission  to simplify computer security for software professionals and for computer users. The blog shall include but not be limited to everyday security topics, security news, cloud security, threat modeling, book reviews and advice for newcomers to the field of computer security. Our vision is to be among top 10 security related blogs in the world  by 2015.

Unless otherwise indicated, the blogs will be written by Shreyas Kumar. Shreyas holds an MS degree in Computer Science from Texas A&M University where he wrote a unusual and widely acclaimed thesis on “Patterns in the daily diaries of 41st President George Bush”. He has completed his PhD coursework from University of California Santa Cruz and is writing his thesis on “Threat modeling for the cloud”. Shreyas has over 14 years of industry experience in India, Singapore and USA in product development. He has designed and taught a university level course on Java security and holds a CISSP certification.

Social media presence:
Facebook 
Twitter
Pinterest
LinkedIn

We hope our prospective readers find the blog useful. For any suggestions please email admin@securityden.com

Twitt
Filed Under: Security News, SecurityDen