Microsoft Security Advisory (2757760)

  • 18 September 2012

Userlevel 7
  • Retired Webrooter
  • 1455 replies

Vulnerability in Internet Explorer Could Allow Remote Code Execution

 
Yesterday, Microsoft announced a remote code execution vulnerability in Internet Explorer which utilizes memory in a way that allows the execution of malicious code and installs the Poison Ivy backdoor trojan. It exploits a use-after-free vulnerability in IE which allows the "badguys" to create an image URL that accesses the uninitialized memory. As of now the attacks are targeting Windows XP systems but with the use of Metasploit code, it would not be surprising to see the attacks on other platforms as well.
 
Microsoft is encouraging all users to enable a firewall, apply ALL software updates, and install an anti-virus and anti-spyware program. These types of vulnerabilities are common with MS products and are seen all the time. If you keep Java and Microsoft up-to-date, and you have Webroot SecureAnywhere, you will still be protected from malware that may slip through these holes. :D
 
Anti-virus is essential. Although using a different browser until a security update is released can help, you are still vulnerable: this attack exploits IE code, which is used by multiple utilities and third-party applications you use every day.
 
Yunsun Wee, director, Microsoft Trustworthy Computing, recommends that you keep Java up-to-date or that you uninstall it altogether, and that using EMET 3.0 can help protect Windows systems and older operating systems such as XP in particular. You can always run EMET alongside Webroot for an added layer of protection, although it is not necessary.
 
Here is the full security advisory from Microsoft.
 
Vulnerability in Internet Explorer Could Allow Remote Code Execution
Published: Monday, September 17, 2012
 
 

6 replies

Userlevel 7
Badge +56
Just to add more information!
 
Internet Explorer Zero-Day Flaw Exploited by Same Java Gang
 
"Attackers are exploiting a new security vulnerability in Internet Explorer and security experts are recommending users stop using IE until the flaw is patched.
The attack code was found on some infected servers associated with the group behind the recent attacks against Java, Eric Romang, a Luxembourg-based IT security advisor at ZATAZ.com, wrote on his blog over the weekend. The Metasploit team worked with Romang to verify the use-after-free vulnerability in Internet Explorer and has already released an exploit to the open source penetration testing framework.
Victim computers are compromised just by visiting a malicious Website, which gives attackers the same privileges on the machine as the current user, Metasploit exploit developer "sinn3r" wrote on the Rapid7 blog. The security hole exists in Internet Explorer 7, 8, and 9, and the Metasploit team was able to take over a Windows 7 machine with IE 9 installed, and Romang saw the exploit work on a fully-patched XP SP3 system and an up-to-date Adobe Flash Player.
"There is no way to tell at this time how long it has been used in the wild," Tod Beardsley, Metasploit Engineering Manager, told Security Watch.
The pool of potential users is pretty large, with Rapid7 pegging the number close to 41 percent of Internet users in North America. Since Microsoft has not released a patch for this vulnerability yet, Internet users are strongly advised to switch to other browsers, such as Chrome or Firefox, until a security update becomes available."
 
Full Story: Internet Explorer Zero-Day Flaw Exploited by Same Java Gang
 
 
 
Userlevel 7
Badge +56
There will be an Out of Band update on Friday Sept 21st, 2012 to fix this Exploit in IE!
 
"Published: Wednesday, September 19, 2012

Version: 2.0

This is an advance notification for one out-of-band security bulletin that Microsoft is intending to release on September 21, 2012. The bulletin addresses security vulnerabilities in Internet Explorer.

This bulletin advance notification will be replaced with the September bulletin summary on September 21, 2012. For more information about the bulletin advance notification service, see Microsoft Security Bulletin Advance Notification."
 
TH
Userlevel 1
Badge +2
Very good! Many thanks, my friends....thanks for the info
 
ch 4 t
Userlevel 7
Badge +56
Don't forget, it's Microsoft's out-of-band update today, usually around 9:00am PDT or 1:00pm EDT. Just check via your Microsoft Update or Windows Update! http://www.update.microsoft.com/windowsupdate/v6/thanks.aspx?ln=en&&thankspage=5
 
TH ;)
Userlevel 7
Badge +56
I just got home a few minutes ago and sure enough the update was there for my Win 7 x64! WoW 26.9MB I hope it's well patched for awhile now! http://technet.microsoft.com/en-us/security/bulletin/ms12-063
 
TH

Userlevel 7
I noticed, nice BIG patch. I hope it covered all the security holes. LOL 😃
