Microsoft releases Security Advisory 2963983

Discussion in 'other security issues & news' started by siljaline, Apr 27, 2014.

Thread Status:
Not open for further replies.
  1. siljaline

    siljaline Registered Member

    Joined:
    Jun 29, 2003
    Posts:
    6,618
    http://blogs.technet.com/b/msrc/archive/2014/04/26/microsoft-releases-security-advisory.aspx
    https://technet.microsoft.com/en-US/library/security/2963983
    https://twitter.com/msftsecresponse
     
    Last edited: Apr 27, 2014
  2. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,881
    Location:
    Slovenia, EU
    http://www.fireeye.com/blog/uncateg...hrough-11-identified-in-targeted-attacks.html
     
  3. DoctorPC

    DoctorPC Banned

    Joined:
    Jan 9, 2014
    Posts:
    813
    http://www.wfaa.com/home/257034451.html

    Microsoft confirmed Saturday that it is working to fix the code that allows Internet Explorer versions six through 11 to be exploited by the vulnerability. As of Monday morning, no fix had been posted. Computer users who are running the Windows XP operating system are out of luck.
     
  4. elapsed

    elapsed Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    7,076
    I wonder when MS is going to suck it up and leave EPM (Enhanced Protected Mode) on by default, which mitigates this issue. Here's hoping with IE12...

    Also integrate EMET into the Windows control panel, which also mitigates this issue.

    No one using XP should be using IE.
     
  5. SweX

    SweX Registered Member

    Joined:
    Apr 21, 2007
    Posts:
    6,429
    http://blogs.wsj.com/digits/2014/04/27/new-browser-hole-poses-extra-danger-for-xp-users/
     
  6. siljaline

    siljaline Registered Member

    Joined:
    Jun 29, 2003
    Posts:
    6,618
    US CERT and KB 2963983: Don't use drive-by-enabled Internet Explorer
    http://www.infoworld.com/t/microsof...nt-use-drive-enabled-internet-explorer-241467
     
  7. JohnBurns

    JohnBurns Registered Member

    Joined:
    Jul 4, 2004
    Posts:
    778
    Location:
    Oklahoma City
  8. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,881
    Location:
    Slovenia, EU
  9. siljaline

    siljaline Registered Member

    Joined:
    Jun 29, 2003
    Posts:
    6,618
  10. Justintime123

    Justintime123 Registered Member

    Joined:
    Jun 15, 2013
    Posts:
    99
    http://steve.grc.com/2014/04/28/a-quick-mitigation-for-internet-explorers-new-0-day-vulnerability/

    Thus, to immediately protect any use of Internet Explorer on 32-bit versions only of Windows – yes, even on creaky old WinXP (the XPocalypse has been delayed) – simply copy the following incantation, then paste and run it in either a Windows Command Prompt or the “Run…” dialog under the Start button (if you’re lucky enough to still have one on your Windows desktop):

    regsvr32 -u "%CommonProgramFiles%\Microsoft Shared\VGX\vgx.dll"
    This unregisters (-u) the VML renderer, thus rendering it inaccessible to the exploit attempt. Your IE browser will no longer be able to render vector markup language content… but it probably never did before, anyway.

    You can perform a “before and after” test to confirm that VML rendering has been disabled with this simple VML rendering of an office layout: http://www.vmlmaker.com/gallery/visio/office_layout.htm. Note that Internet Explorer must be restarted after making any change.
     
  11. anon

    anon Registered Member

    Joined:
    Dec 27, 2012
    Posts:
    7,982
  12. JohnBurns

    JohnBurns Registered Member

    Joined:
    Jul 4, 2004
    Posts:
    778
    Location:
    Oklahoma City
    From what I understand, we shouldn't confuse the Flash Player update KB2961887 with a solution for the zero-day exploit. They just coincidentally happened at the same time.
     
  13. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,881
    Location:
    Slovenia, EU
    Yes Flash player was used to trigger IE's zero day exploit. Updating Flash won't close browser's zero day. Flash has been updated, we're still waiting for update for IE.
     
  14. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    163,043
    Location:
    Texas
    Security Advisories Updated or Released Today
    ==============================================

    * Microsoft Security Advisory (2963983)
    - Title: Vulnerability in Internet Explorer Could Allow
    Remote Code Execution
    - https://technet.microsoft.com/library/security/2963983
    - Revision Note: V1.1 (April 29, 2014): Updated advisory to
    clarify workarounds to help prevent exploitation of the
    vulnerability described in this advisory. See Advisory FAQ for
    details.
     
  15. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    163,043
    Location:
    Texas
  16. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    4,867
    Location:
    Outer space
    EMET protects against this if you have Deep Hooks and Anti-detour enabled. If you use EMET 5.0 TP, the new ASR will also provide protection.
    http://blogs.technet.com/b/srd/arch...-about-security-advisory-2963983-ie-0day.aspx
    MS will soon release EMET 4.1 update 1 which will have Deep Hooks enabled by default.
    http://blogs.technet.com/b/srd/arch...or-the-security-advisory-2963983-ie-0day.aspx

    Unregistering vgx.dll does not guarantee protection against exploitation!
    http://www.kb.cert.org/vuls/id/222929
     
  17. anon

    anon Registered Member

    Joined:
    Dec 27, 2012
    Posts:
    7,982
  18. siljaline

    siljaline Registered Member

    Joined:
    Jun 29, 2003
    Posts:
    6,618
  19. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,881
    Location:
    Slovenia, EU
  20. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    From Out-of-Band Release to Address Microsoft Security Advisory 2963983: (my bolding)
     
  21. anon

    anon Registered Member

    Joined:
    Dec 27, 2012
    Posts:
    7,982
    MS14-021: Description of the security update for Internet Explorer for systems that have security update 2929437 installed: May 1, 2014
    http://support.microsoft.com/kb/2964358

    Microsoft Security Bulletin Summary for May 2014.
    https://technet.microsoft.com/library/security/ms14-may.aspx

    -----------------------------------
    Microsoft to release IE security patch today, including one for Windows XP

    Microsoft issuing fix for IE zero day today
     
  22. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
  23. siljaline

    siljaline Registered Member

    Joined:
    Jun 29, 2003
    Posts:
    6,618
  24. siljaline

    siljaline Registered Member

    Joined:
    Jun 29, 2003
    Posts:
    6,618
  25. moontan

    moontan Registered Member

    Joined:
    Sep 11, 2010
    Posts:
    3,931
    Location:
    Québec
    maybe it would interfere with the install of addons?

    anyway, I got both EPM and 64 bits EPM running.

    IE itself run at medium Integrity Level.
    with only one tab open the sub-process runs at AppContainer IL.
    which is stricter than low IL I gather.
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.