New Internet Explorer vulnerability affecting all versions of IE

Discussion in 'other security issues & news' started by ronjor, Dec 22, 2010.

Thread Status:
Not open for further replies.
  1. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,724
    Location:
    Texas
    Microsoft
     
  2. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,851
    It appears IE9 is unaffected.

    That said, I downloaded EMET a few days ago and added IE9, Foxit & Flash. Just in case :)
     
  3. siljaline

    siljaline Former Poster

    Joined:
    Jun 29, 2003
    Posts:
    6,619
  4. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
  5. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    5,828
    Location:
    Last Breath Farm
    Hmmm. What are the chances of Microsoft providing a solution through an out-of-cycle security update?
    I'd be in favor of that option, in case they need to know how I prefer they handle this. :cautious:
     
  6. silverfox99

    silverfox99 Registered Member

    Joined:
    Jul 14, 2006
    Posts:
    204
  7. Matthijs5nl

    Matthijs5nl Guest

    Using EMET protects you against this exploit.
     
  8. JRViejo

    JRViejo Global Moderator

    Joined:
    Jul 9, 2008
    Posts:
    20,913
    Location:
    U.S.A.
     
  9. Daveski17

    Daveski17 Registered Member

    Joined:
    Nov 11, 2008
    Posts:
    8,028
    Location:
    Lloegyr
  10. siljaline

    siljaline Former Poster

    Joined:
    Jun 29, 2003
    Posts:
    6,619
    I believe the original words in the Advisory were:
     
  11. PJC

    PJC Very Frequent Poster

    Joined:
    Feb 17, 2010
    Posts:
    2,959
    Location:
    Internet
  12. Hugger

    Hugger Registered Member

    Joined:
    Oct 27, 2007
    Posts:
    1,003
    Location:
    Hackensack, USA
    Interesting.
    I just went into Windows Features and found that I couldn't turn off IE8 if I wanted to.
    IE isn't listed in Windows Features as it is in the F-Secure article.
    Any ideas?
    I have Windows 7 Pro x64.
    Happy Holidays.
    Hugger
     
  13. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,851
    If you don't use it, it doesn't matter.

    If it's not being exploited, there's no reason to take the engineers away from their families at Christmas time when you could download EMET and add IE to it, 5 minutes done.
     
  14. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    5,828
    Location:
    Last Breath Farm
    In trying to familiarize myself with EMET (which I admit I'd never even heard of before reading this thread), I ran across this recent (and interesting) Microsoft blog post ... On the effectiveness of DEP and ASLR
     
  15. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    5,828
    Location:
    Last Breath Farm
    Even though I am pleased to learn that the Microsoft Security Response Center is "monitoring the threat landscape very closely" :rolleyes:, I'd like to know if anyone here has an opinion about running IE with the reduced rights/limited user feature of Online Armor's Run Safer? And next I wonder about Sandboxie users... do they have anything to fear from this vulnerability?
     
  16. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,851
    Once again, you don't need either of those 3rd party products. EMET takes a whole 5 minutes to do and you're perfectly safe.
     
  17. Scoobs72

    Scoobs72 Registered Member

    Joined:
    Jul 16, 2007
    Posts:
    1,108
    Location:
    Sofa (left side)
    Or...don't bother with EMET because you're not only well covered for this vulnerability by Sandboxie, but all those other ones coming also! Fact is, both will do the job with this particular vulnerability. The difference is that Sandboxie does a lot more. No harm in running both.
     
  18. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,851
    The difference is Sandboxie installs several services/drivers and hooks various parts of your system.

    EMET is a simple-to-use tool that, after you add a program, no longer needs to be launched again. It also doesn't nag you to buy a full version, or cripple your internet experience by isolating all your history, cache, cookies, favourites, etc.

    https://www.wilderssecurity.com/showthread.php?t=289086
     
  19. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    5,828
    Location:
    Last Breath Farm
    Once again? What's that about?
    I might go with EMET. I've already read the User's Guide.
    It might be a 5 minute gig for you, but I know I would be spending more time with it.
    Thanks for the link to the Mrkvonic thread.
     
  20. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,851
    Once again being, "once again mentioned in the thread" not "once again at you", sorry.

    That thread links to his blog with some handy screenshots. It only seems difficult when looking at it, but in reality it's quite simple. You can always post here at Wilders when you're stuck with something and someone will be glad to help :D
     
  21. Scoobs72

    Scoobs72 Registered Member

    Joined:
    Jul 16, 2007
    Posts:
    1,108
    Location:
    Sofa (left side)
    You clearly have some strong feelings about Sandboxie. A few comments about EMET:

    1. It's a new tool and does not have a long term proven track record against 0 days. Microsoft admit that there's no guarantee it will stop zero days.
    2. It can cause problems with some applications if they are not coded 'correctly'.
    3. It requires .NET - not everybody is happy to install .NET
    4. It's limited in its scope, e.g. Would it have prevented the recent DLL exploit - no. Did Sandboxie? Yes.

    FWIW I use both EMET and Sandboxie.
     
  22. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,851
    I didn't describe my "feelings". They are clearly written as facts about the program.

    Yeah, they will really come out and say "use this to become immune" then get their butts sued. Not even Sandboxie guarantees it.

    We're talking about IE here, not "some applications". EMET shouldn't be used on every application anyway. It works fine on browsers, Flash, and Foxit/Adobe Reader. The main methods of exploitation.

    Many popular programs today use .NET, even the latest ATI control panel. Most people will have it installed already. Windows 7 includes .NET also.

    What recent DLL exploit, and where is it stated that it would not prevent it? Don't make assumptions that people know what you're talking about, state facts with links please and teach us. Thank you.
     
  23. Scoobs72

    Scoobs72 Registered Member

    Joined:
    Jul 16, 2007
    Posts:
    1,108
    Location:
    Sofa (left side)

    Google "DLL exploit" or "DLL exploit testing". There's a wealth of information. Conceptually it is out of scope of what EMET aims to do. EMET is not a miracle cure-all, it's just another valuable tool in the box which aims to tackle specific vectors for zero day weaknesses.

    I think it's great that Microsoft has released this tool and I also agree with you that you can use what's included in the OS to stay perfectly safe. LUA+SRP+EMET is extremely strong protection. And even Windows 7/Vista Home Premium users have access to SRP via Parental Controls.

    p.s. Sandboxie installs 2 services and drivers, MSE installs 5. Services, drivers and hooks are only a problem if they result in conflicts.
     
    Last edited: Dec 26, 2010
  24. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,851
    So why mention EMET if it's out-of-scope?

    Anyway, no need to install Sandboxie when it was fixed by a simple registry entry: http://support.microsoft.com/kb/2264107

    Hmm 1 registry entry over a bunch of system wide hooks and drivers!

    Really? This discussion now became about MSE? Why, because I stated facts about Sandboxie? :x

    MSE installs 0 drivers, it uses services, a completely normal thing for programs to be doing. It also uses O.S. API pretty much everywhere including WFP for network filtering.

    Sandboxie requires a lot of hooks for isolation, and over the years various issues have cropped up, including one not so long ago with a Windows Update.
     
  25. Scoobs72

    Scoobs72 Registered Member

    Joined:
    Jul 16, 2007
    Posts:
    1,108
    Location:
    Sofa (left side)
    To illustrate to you that there are zero day types that EMET can't handle but Sandboxie can. EMET is a tactical solution to a specific set of problems. Sandboxie, Online Armor and others are broad-spectrum system protection tools. Page42 asked "will sandboxie handle this" - your response "forget Sandboxie, EMET will handle it". You didn't even answer the question in your desire to put down Sandboxie. Seriously, take your grievances elsewhere.

    @Page42 - not sure about Online Armor. It should handle this because ultimately the exploit aims to run malware, which should be caught by OA.


    No, to illustrate your hypocrisy over Sandboxie. Complaining about it installing drivers when you run software that itself installs drivers.

    You need to get yourself a better install monitoring tool if this is what you think. It installs a file system filter driver, a network monitor driver, and a network inspection system driver.

    Thread derailed enough. Respond if you like, I won't any further.
     