Source: Microsoft Security Advisory (2887505): Vulnerability in Internet Explorer Could Allow Remote Code Execution
Microsoft Security Advisory (2887505)
Vulnerability in Internet Explorer Could Allow Remote Code Execution
Published: Tuesday, September 17, 2013
Version: 1.0
General Information
Executive Summary
Microsoft is investigating public reports of a vulnerability in all supported versions of Internet Explorer. Microsoft is aware of targeted attacks that attempt to exploit this vulnerability in Internet Explorer 8 and Internet Explorer 9. Applying the Microsoft Fix it solution, "CVE-2013-3893 MSHTML Shim Workaround," prevents the exploitation of this issue. See the Suggested Actions section of this advisory for more information.
The vulnerability is a remote code execution vulnerability. The vulnerability exists in the way that Internet Explorer accesses an object in memory that has been deleted or has not been properly allocated. The vulnerability may corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user within Internet Explorer. An attacker could host a specially crafted website that is designed to exploit this vulnerability through Internet Explorer and then convince a user to view the website.
On completion of this investigation, Microsoft will take the appropriate action to protect our customers, which may include providing a solution through our monthly security update release process, or an out-of-cycle security update, depending on customer needs.
We are actively working with partners in our Microsoft Active Protections Program (MAPP) to provide information that they can use to provide broader protections to customers. In addition, we are actively working with partners to monitor the threat landscape and take action against malicious sites that attempt to exploit this vulnerability.
Microsoft continues to encourage customers to follow the guidance in the Microsoft Safety & Security Center of enabling a firewall, applying all software updates, and installing antimalware software.
Mitigating Factors:
- By default, Internet Explorer on Windows Server 2003, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, and Windows Server 2012 R2 runs in a restricted mode that is known as Enhanced Security Configuration. This mode mitigates this vulnerability.
- By default, all supported versions of Microsoft Outlook, Microsoft Outlook Express, and Windows Mail open HTML email messages in the Restricted sites zone. The Restricted sites zone, which disables script and ActiveX controls, helps reduce the risk of an attacker being able to use this vulnerability to execute malicious code. If a user clicks a link in an email message, the user could still be vulnerable to exploitation of this vulnerability through the web-based attack scenario.
- An attacker who successfully exploited this vulnerability could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
- In a web-based attack scenario, an attacker could host a website that contains a webpage that is used to exploit this vulnerability. In addition, compromised websites and websites that accept or host user-provided content or advertisements could contain specially crafted content that could exploit this vulnerability. In all cases, however, an attacker would have no way to force users to visit these websites. Instead, an attacker would have to convince users to visit the website, typically by getting them to click a link in an email message or Instant Messenger message that takes users to the attacker's website.
Recommendation. Please see the Suggested Actions section of this advisory for more information.
Thanks Shawn, I always find System Security interesting, especially the technical parts of how the exploits work and how the attacker is able to use them :)
Just saw this today from another feed and was going to post if I didn't see it. Thanks Shawn!
Harry, you may find this interesting: https://blogs.technet.com | CVE-2013-3893: Fix it workaround available
Scroll down to almost the bottom, it shows a before and after of how the FixIt strengthens the code.
We also built an appcompat shim as a temporary Advanced Workaround to help protect against attempts to exploit this vulnerability.
There are only 23 patched bytes in whole Fix it to mitigate the vulnerability. The 23 patched bytes occur in two locations - the caller to redirect execution to the shim code, and the shim code itself. Here is an explanation of the patched bytes and what they do in IE9 running on Windows 7:
User friendly link to FixIt: https://support.microsoft.com/kb/2887505 Download is 1MB.
Source: Internet Explorer Zero-Day Exploit Prompts Emergency Microsoft Fix-It
There's a new zero-day exploit attacking users of Internet Explorer, and Microsoft yesterday (Sept. 17) issued a security advisory and a "fix-it" temporarily patching the underlying software hole for most users.
I just love seeing these articles putting IE in the spotlight every time an exploit is discovered, while completely not giving a damn about Scroogle or Mozilla who just update their own exploits "silently".
This has long stopped being news... but thanks for posting anyway
I agree with you, and wondered if I should post this info...
What prompted me to post is that MS has issued a Security Advisory and Fix it for this.
Microsoft Security Advisory (2887505): Vulnerability in Internet Explorer Could Allow Remote Code Execution
For those people that use IE as the main browser, they may want to know about this and apply the temp Fix it...
My pleasure Harry,
My wife prefers IE(10) at home because that is what her employer uses at her work, although she will use my FF24 if it's already up and running, so I keep up with any and all security problems, updates, and upgrades.
I thank all who post security updates of any kind.
The more information shared, the better, in my mind.
Microsoft says:
Source:
This Fix it solution is not intended to be a replacement for any security update. We recommend that you always install the latest security updates. However, we offer this Fix it solution as a workaround option for some scenarios.
If I apply the Fix it solution, and Microsoft eventually provides a traditional security update on some Patch Tuesday, will the Fix it solution need to be uninstalled first before installing the security update? Or does the security update automatically take care of uninstalling the Fix it?
Just curious since there's two buttons: one to enable the Fix it and one to disable it. Or is the disable button provided in case the Fix it hoses a computer?