Windows 7: Vulnerability in Internet Explorer Could Allow Remote Code Execution


17 Sep 2013   #1
Microsoft MVP

64-bit Windows 8.1 Enterprise
 
 
Vulnerability in Internet Explorer Could Allow Remote Code Execution

Quote:
Microsoft Security Advisory (2887505)

Vulnerability in Internet Explorer Could Allow Remote Code Execution

Published: Tuesday, September 17, 2013
Version: 1.0

General Information

Executive Summary

Microsoft is investigating public reports of a vulnerability in all supported versions of Internet Explorer. Microsoft is aware of targeted attacks that attempt to exploit this vulnerability in Internet Explorer 8 and Internet Explorer 9. Applying the Microsoft Fix it solution, "CVE-2013-3893 MSHTML Shim Workaround," prevents the exploitation of this issue. See the Suggested Actions section of this advisory for more information.

The vulnerability is a remote code execution vulnerability. The vulnerability exists in the way that Internet Explorer accesses an object in memory that has been deleted or has not been properly allocated. The vulnerability may corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user within Internet Explorer. An attacker could host a specially crafted website that is designed to exploit this vulnerability through Internet Explorer and then convince a user to view the website.

On completion of this investigation, Microsoft will take the appropriate action to protect our customers, which may include providing a solution through our monthly security update release process, or an out-of-cycle security update, depending on customer needs.

We are actively working with partners in our Microsoft Active Protections Program (MAPP) to provide information that they can use to provide broader protections to customers. In addition, we are actively working with partners to monitor the threat landscape and take action against malicious sites that attempt to exploit this vulnerability.

Microsoft continues to encourage customers to follow the guidance in the Microsoft Safety & Security Center of enabling a firewall, applying all software updates, and installing antimalware software.


Mitigating Factors:


  • By default, Internet Explorer on Windows Server 2003, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, and Windows Server 2012 R2 runs in a restricted mode that is known as Enhanced Security Configuration. This mode mitigates this vulnerability.
  • By default, all supported versions of Microsoft Outlook, Microsoft Outlook Express, and Windows Mail open HTML email messages in the Restricted sites zone. The Restricted sites zone, which disables script and ActiveX controls, helps reduce the risk of an attacker being able to use this vulnerability to execute malicious code. If a user clicks a link in an email message, the user could still be vulnerable to exploitation of this vulnerability through the web-based attack scenario.
  • An attacker who successfully exploited this vulnerability could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
  • In a web-based attack scenario, an attacker could host a website that contains a webpage that is used to exploit this vulnerability. In addition, compromised websites and websites that accept or host user-provided content or advertisements could contain specially crafted content that could exploit this vulnerability. In all cases, however, an attacker would have no way to force users to visit these websites. Instead, an attacker would have to convince users to visit the website, typically by getting them to click a link in an email message or Instant Messenger message that takes users to the attacker's website.

Recommendation. Please see the Suggested Actions section of this advisory for more information.
Source: Microsoft Security Advisory (2887505): Vulnerability in Internet Explorer Could Allow Remote Code Execution


17 Sep 2013   #2

Microsoft Community Contributor Award Recipient

Windows 7 Home Premium x86 Service Pack 1 - Linux Mint Mate 14 x64
 
 

Thanks Shawn, I always find System Security interesting, especially the technical parts of how the exploits work and how the attacker is able to use them
19 Sep 2013   #3

Microsoft Community Contributor Award Recipient

Win 7 Home Premium 64bit Ver 6.1.7600 Build 7601 - SP1
 
 

Just saw this today from another feed and was going to post if I didn't see it. Thanks Shawn!

Harry, you may find this interesting: https://blogs.technet.com | CVE-2013-3893: Fix it workaround available

Scroll down to almost the bottom,
Quote:
We also built an appcompat shim as a temporary Advanced Workaround to help protect against attempts to exploit this vulnerability.

There are only 23 patched bytes in whole Fix it to mitigate the vulnerability. The 23 patched bytes occur in two locations: the caller to redirect execution to the shim code, and the shim code itself. Here is an explanation of the patched bytes and what they do in IE9 running on Windows 7:
It shows a before and after of how the FixIt strengthens the code.


User friendly link to FixIt: https://support.microsoft.com/kb/2887505 Download is 1MB.


19 Sep 2013   #4

Win 7 Pro x64 SP1, Win 7 Ult x86 SP1
 
 
New zero-day exploit attacking users of Internet Explorer

Quote:
There's a new zero-day exploit attacking users of Internet Explorer, and Microsoft yesterday (Sept. 17) issued a security advisory and a "fix-it" temporarily patching the underlying software hole for most users.
Source: Internet Explorer Zero-Day Exploit Prompts Emergency Microsoft Fix-It
19 Sep 2013   #5

Windows 7 Home Premium x64
 
 

I just love seeing these articles putting IE in the spotlight every time an exploit is discovered, while completely not giving a damn about Scroogle or Mozilla who just update their own exploits "silently".

This has long stopped being news... but thanks for posting anyway
19 Sep 2013   #6

Win 7 Pro x64 SP1, Win 7 Ult x86 SP1
 
 

I agree with you, and wondered if I should post this info...
What prompted me to post is that MS has issued a Security Advisory and Fix it for this.
Microsoft Security Advisory (2887505): Vulnerability in Internet Explorer Could Allow Remote Code Execution
For those people that use IE as the main browser, they may want to know about this and apply the temp Fix it...
19 Sep 2013   #7

Microsoft Community Contributor Award Recipient

Windows 7 Home Premium x86 Service Pack 1 - Linux Mint Mate 14 x64
 
 

Quote: Originally Posted by Anak
Just saw this today from another feed and was going to post if I didn't see it. Thanks Shawn!

Harry, you may find this interesting: https://blogs.technet.com | CVE-2013-3893: Fix it workaround available

Scroll down to almost the bottom,
Quote:
We also built an appcompat shim as a temporary Advanced Workaround to help protect against attempts to exploit this vulnerability.

There are only 23 patched bytes in whole Fix it to mitigate the vulnerability. The 23 patched bytes occur in two locations: the caller to redirect execution to the shim code, and the shim code itself. Here is an explanation of the patched bytes and what they do in IE9 running on Windows 7:
It shows a before and after of how the FixIt strengthens the code.


User friendly link to FixIt: https://support.microsoft.com/kb/2887505 Download is 1MB.
Thanks Steve
19 Sep 2013   #8

Microsoft Community Contributor Award Recipient

Win 7 Home Premium 64bit Ver 6.1.7600 Build 7601 - SP1
 
 

My pleasure Harry,

My wife prefers IE(10) at home because that is what her employer uses at her work, although she will use my FF24 if it's already up and running, so I keep up with any and all security problems, updates, and upgrades.
19 Sep 2013   #9

Windows 7 Pro. 64/SP-1
 
 

I thank all who post security updates of any kind.
The more information shared the better in my mind.
19 Sep 2013   #10

Microsoft Community Contributor Award Recipient

Win 7 Pro 64-bit
 
 

Microsoft says:

Quote:
This Fix it solution is not intended to be a replacement for any security update. We recommend that you always install the latest security updates. However, we offer this Fix it solution as a workaround option for some scenarios.
Source

If I apply the Fix it solution, and Microsoft eventually provides a traditional security update on some Patch Tuesday, will the Fix it solution need to be uninstalled first before installing the security update? Or does the security update automatically take care of uninstalling the Fix it?

Just curious since there are two buttons: one to enable the Fix it and one to disable it. Or is the disable button provided in case the Fix it hoses a computer?