Microsoft warns of new IE zero-day attacks



Microsoft has raised an alarm for a new round of targeted malware attacks against a zero-day vulnerability in its dominant Internet Explorer browser. The vulnerability affects all supported versions of Internet Explorer and can be exploited to launch remote code execution (drive by download) attacks, Microsoft said in an advisory.

From Microsoft's advisory:

The vulnerability exists due to an invalid flag reference within Internet Explorer. It is possible under certain conditions for the invalid flag reference to be accessed after an object is deleted. In a specially-crafted attack, in attempting to access a freed object, Internet Explorer can be caused to allow remote code execution.

According to Symantec's Vikram Thakur, the IE flaw is being used in a blended attack that combines social engineering (well-tailored e-mail lures) and drive-by downloads to load a backdoor Trojan on infected computers.

Thakur said the hackers sent e-mails to a select group of individuals within targeted organizations. "Within the e-mail the perpetrators added a link to a specific page hosted on an otherwise legitimate website. The hackers had gotten access to the website account and uploaded content without the owners knowing," he explained.

He said the link pointed to a page which contained a script looking to see what OS/browser combination the target was using. "Since the specific exploit page only worked when someone was using Internet Explorer 6 and 7, the script only transferred the visitor to the page hosting the exploit when this condition was met. In other cases the users didn't see anything but a blank website," Thakur said.

Although the exploit is geared towards IE 6 and IE 7 users, Microsoft makes it clear the vulnerability also affects IE 8 on all supported versions of Windows.

Visitors who were served the exploit page didn't realize it, but went on to download and run a piece of malware on their computer without any interaction at all. The vulnerability allowed for any remote program to be executed without the end user's notice. Once infected, the malware set itself to start up with the computer, along with a service named 'NetWare Workstation'. The piece of malware opens a backdoor on the computer and then contacts remote servers. It tries to contact a specific server hosted in Poland for small files named with a .gif extension. These small files are actually encrypted files with commands telling the Trojan what to do next.

Microsoft says Internet Explorer 9 Beta users are not affected by this issue.

Impacted versions include Internet Explorer 6, 7 and 8, although our ongoing investigation confirms that default installations of IE8 are unlikely to be exploited by this issue. This is due to the defense in depth protections offered by Data Execution Prevention (DEP), which is enabled by default in Internet Explorer 8 on all supported Windows platforms.

MITIGATIONS:

In the absence of a patch, Microsoft recommends that IE users:

  • Override the Web site CSS style with a user defined CSS
  • Deploy the Enhanced Mitigation Experience Toolkit
  • Enable Data Execution Prevention (DEP) for Internet Explorer 7
  • Read e-mails in plain text
  • Set Internet and Local intranet security zone settings to "High" to block ActiveX Controls and Active Scripting in these zones

Instructions for deploying these mitigations are available in Microsoft Security Advisory (2458511).

View: Original Article
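
The post above describes the Trojan fetching small command files that carry a .gif extension but are not images. A content-versus-extension check over captured HTTP responses is one way to surface that pattern; this is an added example, not part of the original post or of Microsoft's or Symantec's material, and the record layout, host names and sample bytes are constructed assumptions.

```python
from urllib.parse import urlparse

GIF_MAGICS = (b"GIF87a", b"GIF89a")


def looks_like_gif(body: bytes) -> bool:
    """Heuristic structural check: signature, non-zero canvas, trailer byte."""
    # 6-byte signature + 7-byte logical screen descriptor + 1-byte trailer
    if len(body) < 14 or body[:6] not in GIF_MAGICS:
        return False
    width = int.from_bytes(body[6:8], "little")
    height = int.from_bytes(body[8:10], "little")
    # A well-formed GIF stream ends with the 0x3B trailer.
    return width > 0 and height > 0 and body.endswith(b"\x3b")


def disguised_gif_fetches(records):
    """Return URLs whose path ends in .gif but whose body is not a GIF."""
    hits = []
    for rec in records:
        # Use the parsed path so query strings and case do not hide the name.
        path = urlparse(rec["url"]).path.lower()
        if path.endswith(".gif") and not looks_like_gif(rec["body"]):
            hits.append(rec["url"])
    return hits


# --- Constructed sample data (not taken from the incident) ---
# A genuine 1x1 GIF89a image, 43 bytes.
REAL_GIF = bytes.fromhex(
    "474946383961" "0100" "0100" "800000"
    "000000" "ffffff"
    "21f9040100000000"
    "2c00000000010001" "0000"
    "0202440100" "3b"
)
# Opaque bytes standing in for an encrypted command file.
OPAQUE = bytes((i * 37 + 11) % 256 for i in range(48))

SAMPLE = [
    {"url": "http://images.example.com/spacer.gif", "body": REAL_GIF},
    {"url": "http://host.example.test/a1.gif?id=7", "body": OPAQUE},
    {"url": "http://www.example.com/index.html", "body": b"<html></html>"},
    # Signature prepended to opaque data: passes a magic-only check, fails here.
    {"url": "http://host.example.test/B2.GIF", "body": b"GIF89a" + OPAQUE},
]

if __name__ == "__main__":
    for url in disguised_gif_fetches(SAMPLE):
        print("extension/content mismatch:", url)
```

The trailer test is deliberately strict, so legitimate images with trailing padding would need an allowance before this is used on production traffic.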


There you go. This is what IE is famous for.



There you go. This is what IE is famous for.

Exactly. But why don't/can't they do something about it? I mean it's been at LEAST 10 years of the same old shit. "We have the most market share" doesn't mean jack. You should be able to have quicker fixes since you have more resources available.



What I honestly feel is that support for all other versions of IE should be stopped..Microsoft should issue an update to kill all other versions.. systems should be updated and one should never disable DEP. I mean the majority of what I see being vulnerable here are old versions.. and changes to settings from default which are ill-advised..

...although our ongoing investigation confirms that default installations of IE8 are unlikely to be exploited by this issue. This is due to the defense in depth protections offered by Data Execution Prevention (DEP), which is enabled by default in Internet Explorer 8 on all supported Windows platforms.

It would be like saying that Adobe should go all the way back to version 6 when Flash was Macromedia and rewrite those versions with an update to be safe.. Everyone should be running IE8 minimum right now with DEP in place... There really is no reason that businesses and corporate entities should be sitting on a version which is what 12 years old ... Especially not a home user.. Especially when it has known vulnerabilities and holes.. I mean the majority of updates that we do everyday.. cover bugs, vulnerabilities.. and security... Every program out there...
