27-04-2014, 20:59 #1
[EN] Vulnerability in Internet Explorer 6-11 Could Allow Remote Code Execution
Microsoft is aware of limited, targeted attacks that attempt to exploit a vulnerability in Internet Explorer 6, Internet Explorer 7, Internet Explorer 8, Internet Explorer 9, Internet Explorer 10, and Internet Explorer 11.
The vulnerability is a remote code execution vulnerability. The vulnerability exists in the way that Internet Explorer accesses an object in memory that has been deleted or has not been properly allocated. The vulnerability may corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user within Internet Explorer. An attacker could host a specially crafted website that is designed to exploit this vulnerability through Internet Explorer and then convince a user to view the website.
On completion of this investigation, Microsoft will take the appropriate action to protect our customers, which may include providing a solution through our monthly security update release process, or an out-of-cycle security update, depending on customer needs.
We are actively working with partners in our Microsoft Active Protections Program (MAPP) to provide information that they can use to provide broader protections to customers.
Microsoft continues to encourage customers to follow the guidance in the Microsoft Safety & Security Center of enabling a firewall, applying all software updates, and installing antimalware software.
- By default, Internet Explorer on Windows Server 2003, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, and Windows Server 2012 R2 runs in a restricted mode that is known as Enhanced Security Configuration. This mode mitigates this vulnerability.
- By default, all supported versions of Microsoft Outlook, Microsoft Outlook Express, and Windows Mail open HTML email messages in the Restricted sites zone. The Restricted sites zone, which disables script and ActiveX controls, helps reduce the risk of an attacker being able to use this vulnerability to execute malicious code. If a user clicks a link in an email message, the user could still be vulnerable to exploitation of this vulnerability through the web-based attack scenario.
- An attacker who successfully exploited this vulnerability could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
- In a web-based attack scenario, an attacker could host a website that contains a webpage that is used to exploit this vulnerability. In addition, compromised websites and websites that accept or host user-provided content or advertisements could contain specially crafted content that could exploit this vulnerability. In all cases, however, an attacker would have no way to force users to visit these websites. Instead, an attacker would have to convince users to visit the website, typically by getting them to click a link in an email message or Instant Messenger message that takes users to the attacker's website.
27-04-2014, 21:02 #2
New Vulnerability Hits Internet Explorer
A newly discovered flaw affecting several versions of Microsoft’s Internet Explorer has left a significant portion of the world’s web browsers vulnerable to attack.
Disclosed in an unusual Saturday alert from Microsoft, the flaw is being called a serious “Zero Day” vulnerability by security company FireEye, which claims it affects more than 56 percent of the world’s web browsers currently in use.
It’s a remote code execution vulnerability, which in English means a bad guy can make a target computer run software after a successful attack. “The vulnerability may corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user within Internet Explorer,” Microsoft’s alert reads. The phrase “arbitrary code” means pretty much any software that the attacker chooses to run.
In a post to its Security Response Center blog, Microsoft explains that the company has so far seen only “limited attacks” exploiting the vulnerability. It says attacks typically occur when a target has been convinced to click on a link.
FireEye, in a post of its own, has declared the exploit a zero-day vulnerability, so named because they’re undisclosed or leave potential victims with zero days of warning. The company claims a gang of attackers has already launched a campaign exploiting the flaw.
Microsoft’s full security advisory goes into more detail, explaining that the vulnerability affects every version of the browser from Internet Explorer 6 through 11. FireEye says that most attacks are targeting IE9 through 11, which together account for more than 26 percent of the web browsers currently in use around the world. But when you add in IE versions 6 through 8, you’re talking about more like 56 percent.
Microsoft says that Internet Explorer 10 and 11 with Enhanced Protected Mode — which is enabled by default on those browsers — protects against attacks exploiting the vulnerability. The company is still investigating the matter and will provide an update when it’s complete.
FireEye goes into further detail, saying the vulnerability originates in Flash, the animation and video software from Adobe, and can be exploited using a well-known technique (Many technical details here) to access a computer’s memory, where malignant code can be deployed.
In one scenario, an attacker can create a website that is specifically designed to take advantage of this vulnerability, and then convince people using Explorer to click through. So if you use Explorer, be on the lookout for suspicious-looking email messages with Web links in them.
So who’s behind the attacks FireEye says are exploiting this new vulnerability? The company doesn’t go into a lot of detail, but it does say it’s an APT Group, which stands for “Advanced Persistent Threat.” FireEye generally saves that designation for the most serious and technically sophisticated of attackers.
“The APT group responsible for this exploit has been the first group to have access to a select number of browser-based Zero-Day exploits in the past,” FireEye explains. “They are extremely proficient at lateral movement and are difficult to track, as they typically do not reuse command and control infrastructure.”
FireEye says this same group was tied to a backdoor vulnerability known as Pirpi that appeared in 2010.
28-04-2014, 18:21 #3
Adobe Patches Flash Flaw That Allows Attacks in Microsoft Browser
Adobe said that it had pushed out an update for Flash that should put a stop to a series of attacks being carried out against users of Microsoft’s Internet Explorer Web browser.
Microsoft issued a related advisory on the issue concerning several versions of Windows and IE. The vulnerability takes advantage of a bug related to Flash as part of the way it attacks users’ systems.
The update comes on the same day that the U.S. government took the unusual step of suggesting that IE users consider switching to another browser.
That at least was one bit of official advice from US-CERT, the United States Computer Emergency Readiness Team, in response to the disclosure over the weekend of a significant zero-day vulnerability that affects IE versions 6 through 11, or more than half of the Web browsers in use around the world.
The organization, a branch of the U.S. Department of Homeland Security, said it was aware of “active exploitation” of the vulnerability, meaning attacks against unwitting users, which could “lead to the complete compromise of an affected system.” US-CERT went on in a more detailed bulletin to repeat what the security company FireEye reported over the weekend, that the attack involves enticing users to click through to specially created Web pages that exploit the vulnerability. So as always, be mindful of what links you click.
If you’re using IE as your browser of choice, be sure to download the updates and follow Microsoft’s advice.