Microsoft Security Advisory 2458511 Released

[Corrine]

Microsoft released Security Advisory 2458511 which relates to a vulnerability in Internet Explorer that could allow remote code execution. The vulnerability does not affect IE9 Beta but the other versions of IE are affected.

As indicated in the MSRC Blog, the impact of this vulnerability is extremely limited. Microsoft is not aware of any affected customers. From the report it was indicated that the exploit code was discovered on a single website which is no longer hosting the malicious code.

It is important to note that all attack Microsoft has seen are all blocked by DEP which is enabled by default on IE8 and can also be enabled for earlier versions of IE. Additional mitigations are described in DEP, EMET protect against attacks on the latest Internet Explorer vulnerability and the Security Advisory.

References:

• DEP, EMET protect against attacks on the latest Internet Explorer vulnerability
• Microsoft Security Advisory (2458511)
• Microsoft Releases Security Advisory 2458511

 

[NoN]

the impact of this vulnerability is extremely limited

Humm, not yet on windows update...Dep is enable here but guess:

"At this time, we are aware of targeted attacks attempting to use this vulnerability. We will continue to monitor the threat environment and update this advisory if this situation changes. On completion of this investigation, Microsoft will take the appropriate action to protect our customers, which may include providing a solution through our monthly security update release process, or an out-of-cycle security update, depending on customer needs."

Next week maybe!!

 

[Corrine]

Unless it is a fairly "simple" fix, next week may be a bit premature. It takes time to go through all the test scenarios and then do all the translations.

 

[Fayla]

I un-ticked IE 8 from the installed feature list. Would my computer still be vulnerable to this?

Unless it is a fairly "simple" fix, next week may be a bit premature. It takes time to go through all the test scenarios and then do all the translations.

 

[Corrine]

Hi, Rei Tumult.

Did you disable DEP on IE8? If not, then you should be fine since all attacks Microsoft has seen are blocked by DEP.

If you are not using IE 6, IE7 or IE8, then your computer is not vulnerable to this particular Advisory.

Note also, from the MSRC Blog post:

The exploit code was discovered on a single website which is no longer hosting the malicious code. When a website is discovered to host malicious software, we work through legal channels to take the site down. {Bold added}

 

[Layback Bear]

How can Microsoft check all the websites in the world.
Answers.com - How many web sites are there in the World Wide Web

 

[Corrine]

Microsoft doesn't and cannot do it alone, Layback Bear. The infected website could have been discovered by Microsoft, by one of the 70 MAPP partners, through responsible disclosure. Take a look at the acknowledgments at the bottom of the October Security Bulletin Release. There is a list of about 30 researchers who provided information.

Microsoft policy: Acknowledgment Policy for Microsoft Security Bulletins

The responsibility for Microsoft's products rests with Microsoft alone, and we take that responsibility very seriously. However, there has traditionally been an unwritten rule among security professionals that the discoverer of a security vulnerability has an obligation to give the vendor an opportunity to correct the vulnerability before publicly disclosing it. This serves everyone's best interests, by ensuring that customers receive comprehensive, high-quality patches for security vulnerabilities but are not exposed to malicious users while the patch is being developed. Once customers are protected, public discussion of the vulnerability is entirely in order, and helps the industry at large improve its products.

 

[wilywombat]

New zero day flaw for IE all versions

This article warns of a new exploit on IE...although not many details have been given:- New zero day flaw hits Microsoft’s Internet Explorer | IT PRO

 

[Layback Bear]

Thanks Corrine. I understand now.