
SANS Internet Storm Center (SANS ISC) InfoSec Forums

Microsoft Releases Out-of-Band Advisory for all Versions of Internet Explorer

Microsoft just released an advisory on an Internet Explorer vulnerability that would allow for remote code execution. The report references public availability of details of this vulnerability. Long story short, a targeted attack that gets a user to view a malicious webpage (or malicious content on an otherwise safe webpage) could lead to memory corruption that could execute arbitrary code with the permissions of the logged-in user. Microsoft suggests two actions: apply the FixIt provided by Microsoft, or deploy EMET 3.0/4.0, which provides generalized protection of memory (and is probably not a bad idea to deploy anyway). Note that the FixIt ONLY applies to 32-bit versions of Internet Explorer.

This post will be updated with more details as the situation warrants.

John Bambenek
bambenek \at\ gmail /dot/ com
Bambenek Consulting


262 Posts
ISC Handler
Sep 17th 2013
Does anyone know what the FixIt actually does? I'd like to have the option to deploy this system wide via GP or something.

88 Posts
Oops, look first, ask questions second. The FixIt downloads an msi file, so it's deployable. I still don't know what it does, though...

88 Posts
The Fixit is described in detail here:

11 Posts
2013-09-17 1500 downloaded EMET 4.0 and installed it. Used 'Recommended' config (ie ticked MS products, et al).
Executed IE. It immediately crashed: "Program failed." Clicked "Cancel". Cancel failed. Clicked "X". X failed.
Using Process Explorer, killed process. Kill Process worked as expected.
Executed IE a second time. Same result.
Using Control Panel, uninstalled EMET and EMET 4.0. Executed IE a third time. IE came up as expected. Advised client of greater risk without EMET. Client said, "Give me my (working) IE (with all my Favorites) and my Boggle".

4 Posts
Granted you only hear the "bad" but EMET 4.0 seems problematic for many folks. I'd try using EMET 3.5 Tech Preview and see if things stabilize. Nice feature set, but I suspect EMET 4.0 was released a bit too soon. YMMV
13 Posts
