|20 Apr 2010||#1|
Guidance on Internet Explorer XSS Filter
The XSS Filter related Blackhat EU presentation discussed a vulnerability that was previously disclosed and addressed in the January security update to Internet Explorer (MS10-002). This attack scenario involved modified HTTP responses, enabling XSS on sites that would not otherwise be vulnerable.
An additional update to the IE XSS Filter is currently scheduled for release in June. This change will address a SCRIPT tag attack scenario described in the Blackhat EU presentation. This issue manifests when malicious script can “break out” from within a construct that is already within an existing script block. While the issue identified and addressed in MS10-002 was identified to exist on high-profile web sites, thus far real-world examples of the SCRIPT tag neutering attack scenario have been hard to come by.
Like many security issues – take malware as an example – attack vectors are always a moving target. The role of the browser maker is to do everything we can to keep people safe without them having to do a lot of extra work.
In the case of the Internet Explorer XSS Filter, researchers found scenarios that are generally applicable across XSS filtering technologies in all currently shipping browsers with this technology built-in. In January (MS10-002) and again in March (MS10-018), we took steps to mitigate this threat class and we’ll take the next major step in the June timeframe. Overall we maintain that it’s important to use a browser with an XSS Filter, as the benefits of protection from a large class of attacks outweigh the potential risks from vulnerabilities in most cases.
We look forward to continuing to improve the Internet Explorer XSS Filter going forward to address new attack scenarios and the evolving threat landscape.
*This posting is provided "AS IS" with no warranties, and confers no rights*
|20 Apr 2010||#2|
The IE8 filter works by scanning outbound requests for strings that may be malicious. When such a string is detected, IE8 will dynamically generate a regular expression matching the outbound string. The browser then looks for the same pattern in responses from the server. If a match is made anywhere in the server's response, the browser assumes that a reflected XSS attack is being conducted and the browser will automatically alter the response so that the XSS attack cannot succeed. The researchers figured out a way to use IE8's altered response to conduct simple abuses and universal cross-site scripting attacks, which worked against sites that would not otherwise have been vulnerable to XSS. Microsoft says that they have issued two patches that address the issue, but the researchers insist that holes remain.
Source: Slashdot Technology Story | IE8's XSS Filter Exposes Sites To XSS Attacks
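
The matching process described in the post above, as an added example that is not part of the original thread and is not Microsoft's code: a simplified JavaScript model in which the heuristic list, the `#` neutering rule, and all URLs and page bodies are assumptions. It shows that a match on markup the server wrote itself is rewritten exactly like reflected input, which is why response rewriting needs care.

```javascript
// Simplified model of a request/response-matching XSS filter.
// ASSUMPTIONS: the heuristics and the '#' neutering rule are illustrative,
// not IE8's real signatures; all URLs and page bodies are constructed samples.
const SUSPICIOUS = [/<script\b[^>]*>/i, /\bon\w+\s*=/i, /javascript:/i];

function escapeRegExp(s) {
  return s.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
}

// Step 1: scan outbound request parameters; for each suspicious substring,
// generate a regex that matches the same string in the response.
function buildSignatures(requestUrl) {
  const sigs = [];
  for (const value of new URL(requestUrl).searchParams.values()) {
    for (const heuristic of SUSPICIOUS) {
      const m = value.match(heuristic);
      if (m) sigs.push(new RegExp(escapeRegExp(m[0]), "gi"));
    }
  }
  return sigs;
}

// Step 2: search the whole response for each signature and neuter every
// match by overwriting one character. Nothing here checks whether the
// matched text was reflected from the request or authored by the server.
function filterResponse(requestUrl, body) {
  let hits = 0, out = body;
  for (const sig of buildSignatures(requestUrl)) {
    out = out.replace(sig, (m) => {
      hits += 1;
      return m.slice(0, 3) + "#" + m.slice(4);
    });
  }
  return { body: out, altered: hits > 0, hits };
}

const payload = encodeURIComponent("<script>alert(1)</script>");
const cases = {
  // Reflected input: the intended case, the echoed tag is neutered.
  reflected: filterResponse(`https://shop.example/search?q=${payload}`,
    "<p>Results for <script>alert(1)</script></p>"),
  // Page never echoes the parameter, yet its own script block is rewritten.
  serverAuthored: filterResponse(
    `https://site.example/home?x=${encodeURIComponent("<script>")}`,
    "<h1>Home</h1><script>initPage()</script>"),
  // Ordinary request: no signature is generated, response is untouched.
  benign: filterResponse("https://shop.example/search?q=shoes", "<p>shoes</p>"),
};
console.log(cases);
```
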