New Internet Explorer vulnerability affecting all versions of IE

It appears IE9 is unaffected.

That said, I downloaded EMET a few days ago and added IE9, Foxit & Flash. Just in case

 

Advisory below, Ron
http://www.microsoft.com/technet/security/advisory/2488013.mspx

 

Researchers reveal attack code for new IE zero-day

 

Hmmm. What are the chances of Microsoft providing a solution through an out-of-cycle security update?
I'd be in favor of that option, in case they need to know how I prefer they handle this.

 

Microsoft warns on IE browser bug
23 December 2010 Last updated at 12:27

http://www.bbc.co.uk/news/technology-12067295

Are any anti-malware protecting against this expolit?

 

Using EMET protects you against this exploit.

 

Merry Christmas and Happy Security Advisory 2488013

~ F-Secure

 

I believe the original words in the Advisory were:

 

Interesting.
I just went into Windows Features and find that I couldn't turn off IE8 if I wanted to.
IE isn't listed in Windows Features as it is in the F Secure article.
Any ideas?
I have Windows 7 Pro x64.
Happy Holidays.
Hugger

 

If you don't use it, it doesn't matter.

If it's not being exploited, there's no reason to take the engineers away from their families at Christmas time when you could download EMET and add IE to it, 5 minutes done.

 

In trying to familiarize myself with EMET (which I admit I'd never even heard of before reading this thread), I ran across this recent (and interesting) Microsoft blog post ... On the effectiveness of DEP and ASLR

 

Even though I am pleased to learn that the Microsoft Security Response Center is "monitoring the threat landscape very closely" , I'd like to know if anyone here has an opinion about running IE with the reduced rights/limited user feature of Online Armor's Run Safer? And next I wonder about Sandboxie users... do they have anything to fear from this vulnerability?

 

Once again, you don't need either of those 3rd party products. EMET takes a whole 5 minutes to do and you're perfectly safe.

 

Or...don't bother with EMET because you're not only well covered for this vulnerability by Sandboxie, but all those other ones coming also! Fact is, both will do the job with this particular vulnerability. The difference is that Sandboxie does a lot more. No harm in running both.

 

The difference is Sandboxie installs several services/drivers and hooks various parts of your system.

EMET is a simple to use tool that after you add a program, no longer needs launched again. It also doesn't nag you to buy a full version, or cripple your internet experience by isolating all your history, cache, cookies, favourites, etc.

https://www.wilderssecurity.com/showthread.php?t=289086

 

Once again? What's that about?
I might go with EMET. I've already read the User's Guide.
It might be a 5 minute gig for you, but I know I would be spending more time with it.
Thanks for the link to the Mrkvonic thread.

 

Once again being, "once again mentioned in the thread" not "once again at you", sorry.

That thread links to his blog with some handy screenshots. It only seems difficult when looking at it, but in reality it's quite simple. You can always post here at Wilders when you're stuck with something and someone will be glad to help

 

You clearly have some strong feelings about Sandboxie. A few comments about EMET:

1. It's a new tool and does not have a long term proven track record against 0 days. Microsoft admit that there's no guarantee it will stop zero days
2. It can cause problems with some applications if they are not coded 'correctly'.
3. It requires .NET - not everybody is happy to install .NET
4. It's limited in its scope, e.g. Would it have prevented the recent DLL exploit - no. Did Sandboxie? Yes.

FWIW I use both EMET and Sandboxie.

 

I didn't describe my "feelings". They are clearly written as facts about the program.

Yeah, they will really come out and say "use this to become immune" then get their butts sued. Not even sandboxie guarantees it.

We're talking about IE here, not "some applications". EMET shouldn't be used on every application anyway. It works fine on browsers, flash, and foxit/adobe reader. The main methods of exploitation.

Many popular programs today use .NET, even the latest ATI control panel. Most people will have it installed already. Windows 7 includes .NET also.

What recent DLL exploit, and where is it stated that it would not prevent it? Don't make assumptions that people know what you're talking about, state facts with links please and teach us. Thank you.

 

Google "DLL exploit" or "DLL exploit testing". There's a wealth of information. Conceptually it is out of scope of what EMET aims to do. EMET is not a miracle cure-all, it's just another valuable tool in the box which aims to tackle specific vectors for zero day weaknesses.

I think it's great that Microsoft has released this tool and I also agree with you that you can use what's included in the OS to stay perfectly safe. LUA+SRP+EMET is extremely strong protection. And even Windows 7/Vista Home Premium users have access to SRP via Parental Controls.

p.s. Sandboxie installs 2 services and drivers, MSE installs 5. Services, drivers and hooks are only a problem if they result in conflicts.

 

So why mention EMET if it's out-of-scope?

Anyway, no need to install Sandboxie when it was fixed by a simple registry entry: http://support.microsoft.com/kb/2264107

Hmm 1 registry entry over a bunch of system wide hooks and drivers!

Really? This discussion now became about MSE? Why, because I stated facts about Sandboxie? :x

MSE installs 0 drivers, it uses services, a completely normal thing for programs to be doing. It also uses O.S. API pretty much everywhere including WFP for network filtering.

Sandboxie requires a lot of hooks for isolation, and over the years various issues have cropped up, including one not so long ago with a Windows Update.

 

To illustrate to you that there are zero day types that EMET can't handle but Sandboxie can. EMET is a tactical solution to a specific set of problems. Sandboxie, Online Armor and others are broad-spectrum system protection tools. Page42 asked "will sandboxie handle this" - your response "forget Sandboxie, EMET will handle it". You didn't even answer the question in your desire to put down Sandboxie. Seriously, take your grievances elsewhere.

@Page42 - not sure about Online Armor. It should handle this because ultimately the exploit aims to run malware, which should be caught by OA.

No, to illustrate your hypocrisy over Sandboxie. Complaining about it installing drivers when you run software that itself installs drivers.

You need to get yourself a better install monitoring tool if this is what you think. It installs a file system filter driver, a network monitor driver, and a network inspection system driver.

Thread derailed enough. Respond if you like, I won't any further.