IE Zero Day Advisory from Microsoft
Microsoft released a Security Advisory yesterday (1) for an issue that impacts Internet Explorer versions 6 through 11 and takes advantage of a vulnerability in Flash. The Microsoft advisory notes that "The vulnerability is a remote code execution vulnerability. ... The vulnerability may corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user within Internet Explorer. An attacker could host a specially crafted website that is designed to exploit this vulnerability through Internet Explorer and then convince a user to view the website."
This exploit is currently being seen in limited attacks against versions IE9-IE11, according to the security vendor FireEye (2), who is working with MS. At the time of this writing, a patch is not yet available.
Actions to take to limit the impact of the vulnerability:
- Install EMET. According to FireEye's testing, EMET 4.1 and 5 do break the exploit.
- Disable Flash. Note that IE 10 and later on Windows 8 include Flash, but you can still disable it. This is an IE vulnerability, but Flash is needed to exploit it and to bypass some of the protection techniques implemented in newer versions of IE/Windows.
- Enable the Internet Explorer "Enhanced Protection Mode" (EPM), which became available in Internet Explorer 10. Note that it may break some plugins.
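The three mitigations above can be checked on a host with a read-only audit. This is an added example, not part of the original diary or Microsoft's advisory; the registry locations it reads (the Flash ActiveX kill bit, the EPM `Isolation` value, the uninstall entries used to find EMET) are the commonly documented ones and are assumptions to verify in your environment.

```powershell
# Added example: read-only audit of the three mitigations in the list above.
# Registry locations are assumptions (commonly documented); verify locally.
$flashClsid = '{D27CDB6E-AE6D-11CF-96B8-444553540000}'  # Flash ActiveX CLSID
$killBit    = 0x400                                     # kill-bit flag value

function Get-RegValue($Path, $Name) {
    # Return $null when the key or value is absent instead of throwing.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($item) { $item.$Name } else { $null }
}

# 1. EMET: look for an uninstall entry in the 64- and 32-bit registry views.
$uninstall = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
             'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
$emet = Get-ItemProperty -Path $uninstall -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -like '*EMET*' } |
        Select-Object -First 1
$emetVersion = $null
if ($emet) { $emetVersion = $emet.DisplayVersion }

# 2. Flash: the kill bit must be set in every registry view that exists.
#    False also covers hosts where the control has no compatibility entry.
$compat = 'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility',
          'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility'
$flashBlocked = $true
foreach ($base in $compat) {
    if (-not (Test-Path $base)) { continue }   # view absent on 32-bit Windows
    $flags = Get-RegValue "$base\$flashClsid" 'Compatibility Flags'
    if ($null -eq $flags -or -not ($flags -band $killBit)) { $flashBlocked = $false }
}

# 3. EPM: enabled by policy (HKLM) or by the user's own setting (HKCU).
$epm = $false
$mainKeys = 'HKLM:\SOFTWARE\Policies\Microsoft\Internet Explorer\Main',
            'HKCU:\Software\Microsoft\Internet Explorer\Main'
foreach ($main in $mainKeys) {
    if ((Get-RegValue $main 'Isolation') -eq 'PMEM') { $epm = $true }
}

# One result object per host, suitable for Export-Csv across a fleet.
New-Object PSObject -Property @{
    EmetInstalled = [bool]$emet
    EmetVersion   = $emetVersion   # the diary cites 4.1 and 5 as effective
    FlashKillBit  = $flashBlocked
    EpmEnabled    = $epm
}
```

The HKCU check reflects only the account running the script, so run it in the user's context or rely on the policy value when auditing remotely.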
(1) https://technet.microsoft.com/en-US/library/security/2963983
tony d0t carothers --gmail
The Dreaded "D" Word of IT
Weekends are usually a good time to catch up on the dreaded "D" word of IT professionals everywhere... Documentation. Security is a process, and as such requires good documentation to drive those processes. All organizations have (or should have) documentation to support their efforts and guide their work, typically in the form of a Site Security Plan, Change Control processes, Roles and Responsibilities, etc. These processes are in place to support constantly changing systems. Updating the documentation is often a painful process that is set aside in favor of less mundane, more intriguing tasks, and thus it is relegated to weekend work.
The landscape of technology, requirements, threats, and vulnerabilities is changing every day, so the processes we use to support these need to adapt as well. One key to managing the documents is establishing an annual review process of the document library. These reviews can be broken up over the calendar year to spread out the work; the larger documents can be sectioned out to team members for draft input and review over a period of time. The review process, if possible, should include a review by a peer or colleague who can provide objective feedback and analysis.
Any process works best when it is known, documented, and implemented, and Security processes require the same care and feeding as the systems they serve.
tony d0t carothers --gmail