

Microsoft issues Internet Explorer zero-day warning - trotsky
https://www.microsoft.com/technet/security/advisory/2488013.mspx

======
mmastrac
This one is a guaranteed way to get infected by malware. It even has an active
proof-of-concept exploit that will launch arbitrary executables:

<http://www.exploit-db.com/exploits/15746/>

Don't let family and friends surf with IE!

------
trotsky
Aside from the obvious, if you are responsible for any hosting or internet
presence services that have a free option and allow you to serve arbitrary or
unsanitized CSS you should probably keep an eye out for people using your
platform for drive by attacks.

------
InclinedPlane
Why do people insist on using the term "zero-day"? It means nothing other than
an unpatched vulnerability.

~~~
dangrossman
Not quite. It means a vulnerability that was being exploited before the
software developer was aware of the exploit.

If Microsoft issued a warning about a vulnerability they didn't know was
already being exploited, it's not a zero-day exploit.

If Mcirosoft was informed of the vulnerability a week ago and it's being
exploited today, it's not a zero-day exploit.

If Microsoft issued a warning about a vulnerability they already patched but
saw being exploited because the patch isn't widely installed yet, it's not a
zero-day exploit.

~~~
InclinedPlane
Tell that to everyone using the term "zero-day", they don't seem to be aware.

