Windows 8

Windows 8 Update Feature and Internet Explorer Vulnerability

     This bog post has two parts. If you want, you may read the Part 2 first, but the second has a relationship with Part 1.

Part 1

     For people who want to take a little more "hands on" approach to updating their Windows 8 updates from Microsoft, here's the easiest way to get you to where you need to be: Press the Windows key

(the one with the flag on it) on your keyboard and type "control panel" without the quotes. From there find the System and Security link and click on it and then select Windows Update. On the left side of the new window there is a link to Change Settings. Now that you are where you need to be, here's what choices you will have and what each does.

 The Check, Download and Install option will allow updates to install themselves automatically, which is recommended because it ensures everything will be added without any effort by the you.

 The Do Not Check At All setting will stop all automatic downloads, installations, as well as any update checks.

Windows 8

     The Check and Download (Do Not Install) will set your computer to download Microsoft's updates, and then ask you which ones to install. By using this setting, no updates will ever be added automatically, so you must regularly remember to check for updates. If you are looking for more control over which updates get added to your Windows 8 system, this is the option for you.

     The Check Only (Do Not Download and Do Not Install) setting tells Windows 8 to merely to notify you of that their are updates available. You decide whether or not to download them and whether or not to install them. If you are looking for total control over Windows 8 updates, you will be made aware of the updates and patches released by Microsoft, but nothing will be done with them until you give your approval.

     Don't forget to click the OK button to confirm your choices and changes. Also, you can always go back and change the settings later.

Part 2

      Microsoft has acknowledged that a newly-discovered flaw in Microsoft's popular Internet Explorer (IE) web browser exists and could allow hackers to take control of a Windows-based computer. They also verified that it affects older versions of IE and has also released a temporary fix for the problem.

     "Microsoft is aware of targeted attacks that attempt to exploit this vulnerability through Internet Explorer 8," Microsoft said in a security advisory issued on Sunday, December 30, 2012.

     The vulnerability could reportedly allow a hacker to take control of a victim's computer if the user browses to a malicious website by a remote code execution flaw that exploits the way its popular browser accesses a computer's memory. 

     "In a web-based attack scenario, an attacker could host a website ... that is used to exploit this vulnerability," Microsoft said in the security advisory.

     "In all cases, however, an attacker would have no way to force users to visit these websites. Instead, an attacker would have to convince users to visit the website, typically by getting them to click a link in an email message or Instant Messenger message that takes users to the attacker's website."

Internet Explorer 8

      It does appear that this vulnerability has already been exploited. According to reports, the flaw was recently used to attack Windows users who visited the Council on Foreign Relations website, a non-partisan U.S. foreign policy think tank. The site had been infected with malicious code since December 21, 2012, according to published reports.

     "We can also confirm that the malicious content hosted on the website does appear to use Adobe Flash to generate a heap spray attack against Internet Explorer version 8.0 (fully patched), which was the source of the zero-day vulnerability," noted security expert Darien Kindlund.

     Microsoft says this particular IE flaw affects only Internet Explorer 8 and older versions of its browser and does not affect Internet Explorer 9 and 10.

     To solve this problem, Microsoft has recently issued a temporary workaround for the problem in lieu of a full-fledged patch. If you use an older version of Internet Explorer, click here to visit and learn how to obtain the workaround.

     At the beginning of this post, I said that Part 2 would relate to Part 1. Well, now you know. I hope everyone finds this information useful. If you do, drop me a note at [email protected] and let me know.

     Until next week,

     Rob Nugent
     Hardware Specialist and Network Engineer
     CyberSpyder, Inc.

CyberSpyder, Inc.

Publish modules to the "offcanvs" position.