Microsoft urges customers to install security tool

[Thankful]

Quote:

Some security experts said computer users should avoid Internet Explorer, even if they install the EMET security tool available from Microsoft

.
http://www.nbcnews.com/technology/te...tool-1B5948322

[siljaline]

Attackers exploit unpatched Internet Explorer vulnerability

Quote:

According to a Blog post by security specialist Eric Romang, a security hole in Microsoft's Internet Explorer web browser is being used by cyber criminals to infect computers with malware. The vulnerability, which was apparently unknown and unpatched until now, seems to hinge on how IE handles <img> arrays in HTML files. So far, the attackers have only targeted versions 7 and 8 of IE on fully patched Windows XP SP3 systems; it is not yet certain whether the exploit can be used with other software combinations.

H-Online article, Ars Article

[siljaline]

Microsoft Security Advisory (2757760)
Vulnerability in Internet Explorer Could Allow Remote Code Execution

Quote:

Microsoft is investigating public reports of a vulnerability in Internet Explorer 6, Internet Explorer 7, Internet Explorer 8, and Internet Explorer 9. Internet Explorer 10 is not affected. Microsoft is aware of targeted attacks that attempt to exploit this vulnerability.

A remote code execution vulnerability exists in the way that Internet Explorer accesses an object that has been deleted or has not been properly allocated. The vulnerability may corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user within Internet Explorer. An attacker could host a specially crafted website that is designed to exploit this vulnerability through Internet Explorer and then convince a user to view the website.

On completion of this investigation, Microsoft will take the appropriate action to protect our customers, which may include providing a solution through our monthly security update release process, or an out-of-cycle security update, depending on customer needs.

Advisory: http://technet.microsoft.com/en-us/s...visory/2757760

[CloneRanger]

@ Thankful

Thanks for the info

From one of siljaline links

Quote:

In the current attack, a specially prepared web page executes a Flash applet that uses heap spraying to distribute shellcode in the system memory. It then reloads an iframe that uses the IE vulnerability to run the shellcode. According to an analysis from security firm Alien Vault, the remote administration tool (RAT) Poison Ivy is currently being distributed in this way in order to give the attackers complete access to the infected system.

http://www.h-online.com/security/new...y-1709592.html

How to protect = Simple

Set Flash to Disable or Prompt.

Disable or Prompt iframes.

Even without the above settings, Poison Ivy etc won't Install/Run if you have for eg an AntiExe etc in place.

Why don't writers of such articles inform people about such Easily preventative measures ? Which have available for Years, even as far back as 98SE days

From the PoisonIvy PDF "Helpfile"

Quote:

The plugins (as well as the server and key logger file) are stored encrypted in ADS (Alternative Data Stream) on NTFS partitions (they are stored normally on FAT32)

A good reason for not having ADS I've always chosen to have FAT32, so no ADS here

[wat0114]

Quote:

Originally Posted by CloneRanger

Why don't writers of such articles inform people about such Easily preventative measures ? Which have available for Years, even as far back as 98SE days

Because doing so would hurt antivirus sales

[Cutting_Edgetech]

I don't use IE, but I would be willing to bet it will never get past Appguard.

[moontan]

Quote:

On completion of this investigation, Microsoft will take the appropriate action to protect our customers, which may include providing a solution through our monthly security update release process, or an out-of-cycle security update, depending on customer needs.

maybe they should offer a link to Google Chrome instead.

[The Hammer]

There should be an update within a week according to a Toronto Sun article. http://www.torontosun.com/2012/09/18...-security-flaw

[Triple Helix]

The one security tool every Windows user should know about?

http://www.zdnet.com/blog/bott/the-o...now-about/2848

TH

[moontan]

Quote:

Originally Posted by Triple Helix

The one security tool every Windows user should know about?

http://www.zdnet.com/blog/bott/the-o...now-about/2848

TH

from the first post:

Quote:

Some security experts said computer users should avoid Internet Explorer, even if they install the EMET security tool available from Microsoft

[Trooper]

Quote:

Originally Posted by The Hammer

There should be an update within a week according to a Toronto Sun article. http://www.torontosun.com/2012/09/18...-security-flaw

Thanks for the info man.

[Aventador]

Quote:

Originally Posted by moontan

maybe they should offer a link to Google Chrome instead.

Best reply Yet. Kudos.

[ronjor]

Quote:

MSRC
Additional information about Internet Explorer and Security Advisory 2757760
32 minutes ago
by MSRCTeam

We will release a Fix it in the next few days to address an issue in Internet Explorer, as outlined in the Security Advisory 2757760 that we released yesterday.

https://blogs.technet.com/b/msrc/?Redirected=true

[Dark Shadow]

Quote:

Originally Posted by Cutting_Edgetech

I don't use IE, but I would be willing to bet it will never get past Appguard.

I am willing to bet your wright.

[Dark Shadow]

Comodo Dragon.

[siljaline]

As per Ron's post, we should see a fix likely on Windows Update within the next few days. Watch this space for more information as it becomes available.

[Thankful]

Quote:

The company said it planned to release software to protect PCs from attack within the next few days. Customers must manually install the code by visiting Microsoft's website and clicking on a link.

Microsoft did not say how long it will take to release a full update to Internet Explorer, which will automatically be loaded onto the machines of most customers. Several security researchers have said they expect the update within a week.

http://www.nbcnews.com/technology/te...orer-1B5950439

[ronjor]

Fix it located here. http://support.microsoft.com/kb/2757760

Also, see this. http://www.wilderssecurity.com/showthread.php?t=332574

[ronjor]

Quote:

More information on Security Advisory 2757760's Fix It

Today, we revised Security Advisory 2757760 with two new pieces of information:

A Fix It solution is available to address the vulnerability via an app-compat shim
The comprehensive security update will be released out-of-band on Friday.

In this blog post, we’d like to explain more about the vulnerability and explain how the Fix It solution addresses the issue. We will also provide more details about the attack landscape and provide our assessment of the effectiveness of EMET against current attacks.

https://blogs.technet.com/b/srd/arch...edirected=true