
Windows 7: IE Security - all versions except v10

19 Sep 2012   #1

x64 (6.3.9600) Win8.1 Pro & soon dual boot x64 (6.1.7601) Win7_SP1 HomePrem
IE Security - all versions except v10

Threat level goes HIGH, as Microsoft readies fix for critical Internet Explorer security hole
by Graham Cluley on September 19, 2012

Experts at SophosLabs have raised their threat level to "High" in response to an as-yet unpatched security vulnerability in Internet Explorer.
The zero day threat, which was uncovered at the weekend and impacts most versions of Windows, has already resulted in the German government advising users to stop using Internet Explorer.

Microsoft Security Advisory (2757760)
Vulnerability in Internet Explorer Could Allow Remote Code Execution

What is the scope of the advisory?
Microsoft is aware of a new vulnerability that affects Internet Explorer 6, Internet Explorer 7, Internet Explorer 8, and Internet Explorer 9.

Is this a security vulnerability that requires Microsoft to issue a security update?
On completion of our investigation, Microsoft will take the appropriate action to protect our customers, which may include providing a solution through our monthly security update release process, or an out-of-cycle security update, depending on customer needs.

What might an attacker use the vulnerability to do?
An attacker who successfully exploited this vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

How could an attacker exploit the vulnerability?
An attacker could host a specially crafted website that is designed to exploit this vulnerability through Internet Explorer and then convince a user to view the website. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit this vulnerability. In all cases, however, an attacker would have no way to force users to view the attacker-controlled content. Instead, an attacker would have to convince users to take action, typically by getting them to click a link in an email message or in an Instant Messenger message that takes users to the attacker's website, or by opening an attachment sent through email.

I am running Internet Explorer for Windows Server 2003, Windows Server 2008, or Windows Server 2008 R2. Does this mitigate this vulnerability?
Yes. By default, Internet Explorer on Windows Server 2003, Windows Server 2008, and Windows Server 2008 R2 runs in a restricted mode that is known as Enhanced Security Configuration. Enhanced Security Configuration is a group of preconfigured settings in Internet Explorer that can reduce the likelihood of a user or administrator downloading and running specially crafted web content on a server. This is a mitigating factor for websites that you have not added to the Internet Explorer Trusted sites zone.

What is the Enhanced Mitigation Experience Toolkit v3.0 (EMET)?
The Enhanced Mitigation Experience Toolkit (EMET) is a utility that helps prevent vulnerabilities in software from being successfully exploited. EMET achieves this by using security mitigation technologies. These technologies function as special protections and obstacles that an exploit author must defeat in order to exploit software vulnerabilities. These security mitigation technologies do not guarantee that vulnerabilities cannot be exploited, but work to make exploitation as difficult to accomplish as possible. In many instances, a fully functional exploit that can bypass EMET may never be developed. For more information, see Microsoft Knowledge Base Article 2458544.

Does EMET help mitigate attacks that try to exploit this vulnerability?
Yes. The Enhanced Mitigation Experience Toolkit (EMET) helps mitigate the exploitation of this vulnerability by adding additional protection layers that make the vulnerability harder to exploit. EMET is a utility that helps prevent vulnerabilities in software from being successfully exploited for code execution, by applying the latest security mitigation technologies. At this time, EMET is provided with limited support and is only available in the English language. For more information, see Microsoft Knowledge Base Article 2458544.

What is Address Space Layout Randomization (ASLR)?
Systems implementing Address Space Layout Randomization (ASLR) relocate normally-predictable function entry points pseudo-randomly in memory. Windows ASLR re-bases system DLLs and executables into one of 256 random locations in memory. Therefore, attackers using hardcoded addresses are likely to "guess correctly" one in 256 times. For more information regarding ASLR, visit the TechNet Magazine article, Inside the Windows Vista Kernel: Part 3.

04 Nov 2012   #2

x64 (6.3.9600) Win8.1 Pro & soon dual boot x64 (6.1.7601) Win7_SP1 HomePrem

"solved" due to age