Attackers abusing Internet Explorer to enumerate software and detect security products

Discussion in 'other security issues & news' started by MrBrian, Jul 28, 2014.

Thread Status:
Not open for further replies.
  1. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
  2. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    1,985
    Location:
    Canada
    It looks like EMET is proving itself worthy as a security utility.
     
  3. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    Abusing Internet Explorer. How many hundreds of times have we heard different versions of this?
     
  4. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    1,985
    Location:
    Canada
    :D
     
  5. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    Internet Explorer is XP's Achilles heel. It will become a continuous source of exploitable vulnerabilities. EMET may be able to mitigate many of them but it is not a silver bullet. XP users should seriously consider getting rid of it with utilities like XPLite. Almost any other browser is better and more up to date.
     
  6. Gullible Jones

    Gullible Jones Registered Member

    Joined:
    May 16, 2013
    Posts:
    1,461
    I'm curious, is it possible to get rid of the IE HTML renderer? Because I believe that (on XP at least) that's integrated into Explorer. One might have to use 7zFM or such in place of explorer.
     
  7. Sampei Nihira

    Sampei Nihira Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    658
    Location:
    Italy
    XP users can also use the trick 1803 to block downloads with I.E.8.
    No danger of Drive-By-Download.
     
  8. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    5,079
    This won't help against exploits though.
     
  9. Sampei Nihira

    Sampei Nihira Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    658
    Location:
    Italy
    Drive-by downloads are typically carried out by exploiting browser vulnerabilities or lowered security settings on your computer.
     
  10. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    5,079
    So we don't need MBAE, EMET or HMPA. We just set 1803 trick and we are fine?
     
  11. Sampei Nihira

    Sampei Nihira Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    658
    Location:
    Italy
    Trick 1803, on XP, prevents drive-by downloads only with I.E.8.
    If you use another browser vulnerable to remote ......
    ;)
    Sorry for my bad English.
     
  12. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    It's been a while since I've used it, but if I recall, it can be removed. You'll lose active desktop, web view on folders, etc., essentially going back to the way earlier versions of explorer worked. For anyone wanting to try XPLite, I strongly suggest making a full system backup first. Also make a copy of the existing Windows and system32 folders so you'll have available any IE components needed by some applications. Then go slow removing things, especially if you go into the advanced section. Removing some of those services will break things. As long as you have a backup of your original system, there's no real risk.
     
  13. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    Forgot that I had XPLite on a virtual copy of XP. The renderer is removable separately. Here's a few screenshots from XPLite showing part of what it can remove.
    XPLite1.gif xplite2.gif XPlite-adv.gif
     
  14. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    1,985
    Location:
    Canada
    Is XP Lite essentially the same as nLite?
     
  15. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    No. nLite is more of a redeployment tool that can also remove some components. XPLite is strictly for removing Windows components. Think of it as a big extension to the "add/remove windows components" function, but separate. Unlike nLite, XPLite does not require .NET Framework.
     
  16. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    1,985
    Location:
    Canada
    Okay, I see, thanks!
     