Windows 7 exploit able to get past Microsoft’s best defenses

[Batu69]

Researchers at the California-based security firm  FireEye have taken notice that the Angler browser exploit kit, a malware bundle used by online criminals to methodically penetrate your web browser and your PC, is now able to get past two of Microsoft’s strongest defenses: the Enhanced Mitigation Experience Toolkit and data execution prevention, both of which are routinely used to beef up Windows security.

 

The bypass has been observed on Windows 7 machines with the Microsoft Silverlight or Adobe Flash Player browser plugin activated. There’s no word on whether the exploit works on Windows 8.1 or Windows 10.

 

Exploits like this are secretly embedded in malicious or hijacked websites and online ads, attacking visiting web browsers, quickly assessing the version number, plugins and underlying platform of each browser, then refining the malware for the specific browser. After being installed, the exploit kit is free to load all sorts of malware, ransomware, banking Trojans, and more onto your system.

 

The website describes the way to stay clear of the exploit as simply disabling Adobe Flash Player and Microsoft Silverlight, or setting them to click-to-play.

 

Article source

[vissha]

Then WTF MS and other Bu**Sh** fans/devs/IT Pros & Biz frndz of Windows 10 telling Windows 10 is secure and safe than Windows XP/Vista/7/8/8.1?

If you count the total vulnerabilities including hidden/undisclosed in older versions and 10, you'll find that Win 10 will be the topper with more numbers. Win 10 promoters should be ashamed of their activities and bow their heads to older version fans, Linux community & Mac.

[straycat19]

3 hours ago, Batu69 said:

get past two of Microsoft’s strongest defenses

 

That's a joke.  Microsoft has never had 'strong defenses', if they did every AV, IS, and Firewall company would be out of business.  I stated months ago that we found an exploit from Windows 3.1 that works in Windows 10 but not in 7 or 8.1.  10 is a joke, they are more concerned with collecting your metadata (shades of NSA) than they are keeping your computer safe.  Because if your computer was really safe and secure they couldn't get the data.  Every port they open, every connection they initiate, is a possible point of entrance for an exploit of some type.  That is the reason most security personnel lock down systems and don't allow connections on ports or IPs that are not approved or needed in their environment.  Something home users don't  have the knowledge or skills to do and thus are subject to all the Microsoft initiated exploits to their systems.  Windows 10 is no better than the Blaster Worm or anything else that has infected millions of computers.  Why are people so stupid they can't understand this?  And the Fanboys, IT Gurus, etc that write such glowing reports about it always go on to say 'you can install this or that to stop the spying' but if the OS was any good why would it be spying and why would we have to stop it.  Want to know what you can do with Windows 10?  Stick it where the sun don't shine (and my metadata isn't available to be copied.)

 

[Holmes]

I was going to say data execution prevention is not a strong defense if anything its a nuisance I dont kknow how many times I have heard users complain a program wont load add it to data execution prevention exceptions it does alot of harm very little good and EMET is exploited almost every month this is not new.  The problem is microsoft doesnt know how to secure there code.