Microsoft has released the emergency advisory ‘Vulnerability in Internet Explorer Could Allow Remote Code Execution’ for a zero-day vulnerability that attackers have exploited in IE versions 8 and 9 on Windows XP and Windows 7. The advisory follows Microsoft's investigation of public reports of the vulnerability. The vulnerability affects “all supported versions of its browser (IE6, IE7, IE8, IE9, IE10, and IE11)” (Emil Protalinski, 2013).
Zero-day vulnerabilities, also known as zero-day attacks, are software holes or backdoors that are not known to the vendor, meaning that the attack occurs on ‘day zero’ of the reaction to the exposure. The developers will have had zero days to address and patch the vulnerability.

The company has found that the flaw could potentially affect all supported versions, although it says that running “modern versions” of IE has the advantage of additional security features that can help prevent successful attacks. The flaw in question makes remote code execution possible if you browse to a website containing malicious content for your specific browser type (an attacker can either compromise a regularly frequented and trusted site or convince the user to click a link in another application).

*1. How the vulnerability is exploited*

The vulnerability exploits the “way that Internet Explorer accesses an object in memory that has been deleted or has not been properly allocated. The vulnerability may corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user within Internet Explorer. An attacker could host a specially crafted website that is designed to exploit this vulnerability through Internet Explorer and then convince a user to view the website.” (Microsoft Security TechCenter, 2013)

An attacker who successfully exploits this vulnerability could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

“In a web-based attack scenario, an attacker could host a website that contains a webpage that is used to exploit this vulnerability. In addition, compromised websites and websites that accept or host user-provided content or advertisements could contain specially crafted content that could exploit this vulnerability. In all cases, however, an attacker would have no way to force users to visit these websites. Instead, an attacker would have to convince users to visit the website, typically by getting them to click a link in an email message or Instant Messenger message that takes users to the attacker’s website.” (Microsoft Security TechCenter, 2013)

*2. Mitigation strategies*

Microsoft has not yet completed its investigation and has not provided a solution through a security update. For now, the only option is to implement the following mitigation techniques:

a) Restrict Internet Explorer on critical web servers (Windows Server 2003, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, and Windows Server 2012 R2) so that it runs in a restricted mode.

b) Run all critical services and applications in the Restricted sites zone (Microsoft Outlook, Microsoft Outlook Express, and Windows Mail open HTML email messages). “The Restricted sites zone, which disables script and ActiveX controls, helps reduce the risk of an attacker being able to use this vulnerability to execute malicious code. If a user clicks a link in an email message, the user could still be vulnerable to exploitation of this vulnerability through the web-based attack scenario.” (Microsoft Security TechCenter, 2013)

c) Set the Internet and local intranet security zone settings to “High” to block ActiveX Controls and Active Scripting.

d) Configure Internet Explorer to send alerts before running Active Scripting.

e) Fully disable Active Scripting in the Internet and local intranet security zones. (This option may affect the normal work environment; take caution when implementing it.)

f) Download the Microsoft Fix it solution tool and run it on the host to mitigate the vulnerability.

References

[1] Emil Protalinski, 2013, Microsoft releases temporary fix for vulnerability in all IE versions, warns of targeted IE8 and IE9 attacks.
Retrieved 20th September, 2013 from http://thenextweb.com/microsoft/2013/09/17/microsoft-investigating-new-ie-vulnerability-in-all-versions-warns-of-targeted-attacks-against-ie8-and-ie9/

[2] Microsoft Security TechCenter, (2013), Microsoft Security Advisory (2887505) – Vulnerability in Internet Explorer Could Allow Remote Code Execution. Retrieved 19th September, 2013 from http://technet.microsoft.com/en-us/security/advisory/2887505

*Appendix 1 – Table 1 – Affected Software*

| Operating System | Component |
|---|---|
| *Internet Explorer 6* | |
| Windows XP Service Pack 3 | Internet Explorer 6 |
| Windows XP Professional x64 Edition Service Pack 2 | Internet Explorer 6 |
| Windows Server 2003 Service Pack 2 | Internet Explorer 6 |
| Windows Server 2003 x64 Edition Service Pack 2 | Internet Explorer 6 |
| Windows Server 2003 with SP2 for Itanium-based Systems | Internet Explorer 6 |
| *Internet Explorer 7* | |
| Windows XP Service Pack 3 | Internet Explorer 7 |
| Windows XP Professional x64 Edition Service Pack 2 | Internet Explorer 7 |
| Windows Server 2003 Service Pack 2 | Internet Explorer 7 |
| Windows Server 2003 x64 Edition Service Pack 2 | Internet Explorer 7 |
| Windows Server 2003 with SP2 for Itanium-based Systems | Internet Explorer 7 |
| Windows Vista Service Pack 2 | Internet Explorer 7 |
| Windows Vista x64 Edition Service Pack 2 | Internet Explorer 7 |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | Internet Explorer 7 |
| Windows Server 2008 for x64-based Systems Service Pack 2 | Internet Explorer 7 |
| Windows Server 2008 for Itanium-based Systems Service Pack 2 | Internet Explorer 7 |
| *Internet Explorer 8* | |
| Windows XP Service Pack 3 | Internet Explorer 8 |
| Windows XP Professional x64 Edition Service Pack 2 | Internet Explorer 8 |
| Windows Server 2003 Service Pack 2 | Internet Explorer 8 |
| Windows Server 2003 x64 Edition Service Pack 2 | Internet Explorer 8 |
| Windows Vista Service Pack 2 | Internet Explorer 8 |
| Windows Vista x64 Edition Service Pack 2 | Internet Explorer 8 |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | Internet Explorer 8 |
| Windows Server 2008 for x64-based Systems Service Pack 2 | Internet Explorer 8 |
| Windows 7 for 32-bit Systems Service Pack 1 | Internet Explorer 8 |
| Windows 7 for x64-based Systems Service Pack 1 | Internet Explorer 8 |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | Internet Explorer 8 |
| Windows Server 2008 R2 for Itanium-based Systems Service Pack 1 | Internet Explorer 8 |
| *Internet Explorer 9* | |
| Windows Vista Service Pack 2 | Internet Explorer 9 |
| Windows Vista x64 Edition Service Pack 2 | Internet Explorer 9 |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | Internet Explorer 9 |
| Windows Server 2008 for x64-based Systems Service Pack 2 | Internet Explorer 9 |
| Windows 7 for 32-bit Systems Service Pack 1 | Internet Explorer 9 |
| Windows 7 for x64-based Systems Service Pack 1 | Internet Explorer 9 |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | Internet Explorer 9 |
| *Internet Explorer 10* | |
| Windows 7 for 32-bit Systems Service Pack 1 | Internet Explorer 10 |
| Windows 7 for x64-based Systems Service Pack 1 | Internet Explorer 10 |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | Internet Explorer 10 |
| Windows 8 for 32-bit Systems | Internet Explorer 10 |
| Windows 8 for 64-bit Systems | Internet Explorer 10 |
| Windows Server 2012 | Internet Explorer 10 |
| Windows RT | Internet Explorer 10 |
| *Internet Explorer 11* | |
| Windows 8.1 for 32-bit Systems | Internet Explorer 11 |
| Windows 8.1 for 64-bit Systems | Internet Explorer 11 |
| Windows Server 2012 R2 | Internet Explorer 11 |
| Windows RT 8.1 | Internet Explorer 11 |
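Mitigations (c) to (e) in section 2 are per-zone settings that can be checked from the registry. The following read-only audit is an added example, not part of the original post or of Microsoft's advisory; the function names are hypothetical, and the zone IDs (1 = Local intranet, 3 = Internet) and value names (`CurrentLevel`, `1400`, `1200`) are the standard Internet Explorer security-zone registry layout.

```powershell
# Added example: read-only audit of mitigations (c)-(e) for the current user.
# Zone IDs and value names follow the standard IE security-zone registry layout.
$zonesRoot = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones'
$zones     = @{ 1 = 'Local intranet'; 3 = 'Internet' }
$highLevel = 0x12000                                   # CurrentLevel of the "High" template
$actions   = @{ 0 = 'Enabled'; 1 = 'Prompt'; 3 = 'Disabled' }

function Format-ZoneAction($value) {                   # hypothetical helper
    if ($null -eq $value) { return 'not set' }
    if ($actions.ContainsKey([int]$value)) { return $actions[[int]$value] }
    return ('0x{0:X}' -f [int]$value)                  # any other action code, shown raw
}

function Get-ZoneMitigationStatus {                    # hypothetical name
    foreach ($id in ($zones.Keys | Sort-Object)) {
        $path   = Join-Path $zonesRoot ([string]$id)
        $props  = Get-ItemProperty -Path $path -ErrorAction SilentlyContinue
        $level  = $props.CurrentLevel                  # $null when the key or value is absent
        $script = $props.'1400'                        # Active scripting
        $actx   = $props.'1200'                        # Run ActiveX controls and plug-ins

        # Map the configured values to the strongest matching mitigation in the list.
        $applied = 'none'
        if     ($level -eq $highLevel) { $applied = '(c) zone set to High' }
        elseif ($script -eq 3)         { $applied = '(e) Active Scripting disabled' }
        elseif ($script -eq 1)         { $applied = '(d) prompt before Active Scripting' }

        $levelText = 'not set'
        if ($null -ne $level) { $levelText = '0x{0:X}' -f [int]$level }

        [pscustomobject]@{
            Zone            = $zones[$id]
            SecurityLevel   = $levelText
            ActiveScripting = Format-ZoneAction $script
            ActiveX         = Format-ZoneAction $actx
            Mitigation      = $applied
        }
    }
}

Get-ZoneMitigationStatus | Format-Table -AutoSize
```

Zone settings enforced through Group Policy live under the `Software\Policies` registry keys and take precedence over the per-user values read here, so a host managed by policy should be checked there as well.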
