We've had numerous readers write in about an IE8 zero day, most pointed us here for more info on it ==> http://eromang.zataz.com/2012/09/16/zero-day-season-is-really-not-over-yet/

Since I'm not a "Malware Analysis Guy" (at least until I take Lenny's Forensics 610 class), I hunted around for some confirmation before I posted. I guess a Metasploit module that exploits it counts as confirmation!

Also more info here: http://blog.vulnhunt.com/index.php/2012/09/17/ie-execcommand-fuction-use-after-free-vulnerability-0day

(thanks to our readers, who corrected my original post - this zero day affects not just IE8, but also IE7 and IE9)
|
Rob VandenBrink 561 Posts ISC Handler Sep 17th 2012 |
Sep 17th 2012 8 years ago |
IE9 won't save you (and neither will IE7):
https://community.rapid7.com/community/metasploit/blog/2012/09/17/lets-start-the-week-with-a-new-internet-explorer-0-day-in-metasploit |
Paul 2 Posts |
Sep 17th 2012 8 years ago |
Like Paul said, this is for IE 7 - 9, not just 8. Until a patch is released, you should not use IE.
|
Paul 6 Posts |
Sep 17th 2012 8 years ago |
Would the latest version of EMET that includes the ROP protections for java and iexplore executables block this attack? Wondering if it is a compensating control until the patch is released.
|
Anonymous |
Sep 17th 2012 8 years ago |
Any CVE# for this yet?
|
TuggDougins 37 Posts |
Sep 17th 2012 8 years ago |
IE 6 through 9 vulnerable: http://technet.microsoft.com/en-us/security/advisory/2757760
|
Brian 3 Posts |
Sep 18th 2012 8 years ago |
According to this article, EMET should protect you. http://www.reuters.com/article/2012/09/18/net-us-microsoft-browser-idUSBRE88G1CA20120918
|
Brian 1 Posts |
Sep 18th 2012 8 years ago |
See also http://technet.microsoft.com/en-us/security/advisory/2757760
IE 6, 7, 8, 9 and 10 are affected on most platforms |
Doug 2 Posts |
Sep 18th 2012 8 years ago |
Is this a candidate for moving the threat level to Yellow?
|
Everseeker 4 Posts |
Sep 18th 2012 8 years ago |
Sir, are you absolutely sure? It does mean changing the bulb.
|
Everseeker 6 Posts |
Sep 18th 2012 8 years ago |
Suggesting that another browser be used does not work when the Corporate accounting system cannot function in any browser except IE.
|
KBR 63 Posts |
Sep 18th 2012 8 years ago |
Add corporate accounting system and intranet sites to trusted sites in IE. Set the internet zone to "high" security to prevent scripts from running. Send email to users telling them to use Chrome or Firefox to surf the internet in general. (If you can, make sure those browsers have web of trust plugin or other malware blocking addons like adblock plus installed.)
|
dayglo 5 Posts |
Sep 18th 2012 8 years ago |
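A read-only check of the workaround described in the post above, added here as an example and not part of the thread: it reports whether the current user's Internet zone is at the "High" level with Active Scripting disabled, and whether the sites that must keep working are in Trusted Sites. The function names and the host `accounting.corp.example` are hypothetical, and the script assumes PowerShell 3 or later and per-user (HKCU) zone settings, which Group Policy may override.

```powershell
# Added example: read-only audit, nothing is written to the registry.
# Assumption: zones are configured per user (HKCU); values pushed by Group
# Policy under HKCU:\Software\Policies\... take precedence and are not read here.
$base = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'

function Get-InternetZoneState {
    # Zone 3 is the Internet zone. Action 1400 is Active Scripting
    # (0 = enable, 1 = prompt, 3 = disable). CurrentLevel 0x12000 is "High".
    $zone = Get-ItemProperty -Path "$base\Zones\3" -ErrorAction SilentlyContinue
    [pscustomobject]@{
        LevelIsHigh       = ($zone.CurrentLevel -eq 0x12000)
        ScriptingDisabled = ($zone.'1400' -eq 3)
    }
}

function Get-TrustedSite {
    # Trusted Sites live under ZoneMap\Domains\<domain>[\<host>] as a
    # per-protocol DWORD (http, https or *); the value 2 means zone 2 (Trusted).
    # IP ranges (ZoneMap\Ranges) are not covered by this example.
    $root = "$base\ZoneMap\Domains"
    if (-not (Test-Path $root)) { return }
    Get-ChildItem -Path $root -Recurse | ForEach-Object {
        $key = $_
        foreach ($name in $key.GetValueNames()) {
            if ($key.GetValue($name) -eq 2) {
                # Key path "example.com\www" becomes host name "www.example.com".
                $rel   = $key.Name.Substring($key.Name.IndexOf('Domains\') + 8)
                $parts = $rel.Split('\')
                [array]::Reverse($parts)
                [pscustomobject]@{ Site = ($parts -join '.'); Protocol = $name }
            }
        }
    }
}

# Hypothetical list of intranet hosts that must stay usable in IE.
$expected = @('accounting.corp.example')
$state    = Get-InternetZoneState
$trusted  = @(Get-TrustedSite | Select-Object -ExpandProperty Site)
$missing  = @($expected | Where-Object { $trusted -notcontains $_ })

[pscustomobject]@{
    InternetZoneHigh      = $state.LevelIsHigh
    ActiveScriptingOff    = $state.ScriptingDisabled
    MissingFromTrusted    = ($missing -join ', ')
    WorkaroundFullyInPlace = ($state.LevelIsHigh -and $state.ScriptingDisabled -and $missing.Count -eq 0)
}
```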
- https://technet.microsoft.com/en-us/security/advisory/2757760
V1.1 (Sep 18, 2012): Assigned Common Vulnerability and Exposure number CVE-2012-4969 to the issue. Also corrected instructions in the EMET workaround.
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-4969
9.3 (HIGH) "... function in mshtml.dll in Microsoft Internet Explorer 6 through 9 allows remote attackers to execute arbitrary code via a crafted web site, as exploited in the wild in September 2012..." |
Jack 160 Posts |
Sep 18th 2012 8 years ago |
- https://blogs.technet.com/b/msrc/archive/2012/09/18/additional-information-about-internet-explorer-and-security-advisory-2757760.aspx?Redirected=true
18 Sep 2012 - "We will release a Fix it in the next few days to address an issue in Internet Explorer... It will not affect your ability to browse the Web, and it will provide full protection against this issue until an update is available. It won’t require a reboot of your computer. This Fix it will be available for everyone to download and install within the next few days..." |
Jack 160 Posts |
Sep 19th 2012 8 years ago |
Is it just me, or is the 'panic' around this a little much?
The sequence of the vulnerability as I am reading it includes leveraging a rather old Adobe vulnerability. Also, most leading A/V vendors are detecting all the exploits. Except for the home user that doesn't update - theoretically, corporate environments that update at least one of the two (A/V; Adobe) and have decent perimeter protections should have reasonable mitigation against this threat. |
IMFerret 10 Posts |
Sep 19th 2012 8 years ago |
IE Fix it available
- http://support.microsoft.com/kb/2757760#FixItForMe
... MS12-063 to be released Friday 9.21.2012
- https://blogs.technet.com/b/msrc/archive/2012/09/19/internet-explorer-fix-it-available-now-security-update-scheduled-for-friday.aspx?Redirected=true |
Jack 160 Posts |
Sep 20th 2012 8 years ago |