Smokey's Security Weblog

veritas odium parit

Microsoft released emergency out-of-band update fixing IE zero day vulnerability

Today Microsoft have released an emergency out-of-band update (2965111) to fix a zero day publicly disclosed vulnerability in Internet Explorer (Microsoft Security Advisory 2963983). The vulnerability could allow remote code execution if a user views a specially crafted webpage using an affected version of Internet Explorer. An attacker who successfully exploited this vulnerability could gain the same user rights as the current user.

This security update is rated Critical for Internet Explorer 6 (IE 6), Internet Explorer 7 (IE 7), Internet Explorer 8 (IE 8), Internet Explorer 9 (IE 9), Internet Explorer 10 (IE 10), and Internet Explorer 11 (IE 11) on affected Windows clients, and Moderate for Internet Explorer 6 (IE 6), Internet Explorer 7 (IE 7), Internet Explorer 8 (IE 8), Internet Explorer 9 (IE 9), Internet Explorer 10 (IE 10), and Internet Explorer 11 (IE 11) on affected Windows servers.

More info about the fix here: MS14-021 :Security update for Internet Explorer: May 1, 2014 The advance notification of the update lists Windows XP as among the affected platforms, indicating that it will be among the platforms patched, in spite of its support period ending weeks ago.

Users with Automatic Updates enabled do not have to do anything, although running Windows Update will apply the fix immediately.

May 1, 2014 Posted by | Alerts, News, Vulnerabilities | , , , , , , , , , | Leave a comment

Extremely critical 0-Day Exploit for Internet Explorer in the wild

Microsoft Security Advisory (961051)
Vulnerability in Internet Explorer Could Allow Remote Code Execution

Published: December 10, 2008 | Updated: December 11, 2008

Microsoft is continuing its investigation of public reports of attacks against a new vulnerability in Internet Explorer. Our investigation so far has shown that these attacks are only against Windows Internet Explorer 7 on supported editions of Windows XP Service Pack 2, Windows XP Service Pack 3, Windows Server 2003 Service Pack 1, Windows Server 2003 Service Pack 2, Windows Vista, Windows Vista Service Pack 1, and Windows Server 2008. Microsoft Internet Explorer 5.01 Service Pack 4, Microsoft Internet Explorer 6 Service Pack 1, Microsoft Internet Explorer 6, and Windows Internet Explorer 8 Beta 2 on all supported versions of Microsoft Windows are potentially vulnerable.

This update to the advisory contains information about which versions of Internet Explorer are vulnerable as well as new workarounds and a recommendation on the most effective workarounds.

The vulnerability exists as an invalid pointer reference in the data binding function of Internet Explorer. When data binding is enabled (which is the default state), it is possible under certain conditions for an object to be released without updating the array length, leaving the potential to access the deleted object’s memory space. This can cause Internet Explorer to exit unexpectedly, in a state that is exploitable.

At this time, we are aware only of limited attacks that attempt to use this vulnerability against Windows Internet Explorer 7. Our investigation of these attacks so far has verified that they are not successful against customers who have applied the workarounds listed in this advisory. Additionally, there are mitigations that increase the difficulty of exploiting this vulnerability.

We are actively working with partners in our Microsoft Active Protections Program (MAPP) and our Microsoft Security Response Alliance (MSRA) programs to provide information that they can use to provide broader protections to customers. In addition, we’re actively working with partners to monitor the threat landscape and take action against malicious sites that attempt to exploit this vulnerability.

We are actively investigating the vulnerability these attacks attempt to exploit. We will continue to monitor the threat environment and update this advisory if this situation changes. On completion of this investigation, Microsoft will take the appropriate action to protect our customers, which may include providing a solution through a service pack, our monthly security update release process, or an out-of-cycle security update, depending on customer needs.

Microsoft continues to encourage customers to follow the “Protect Your Computer” guidance of enabling a firewall, applying all software updates and installing anti-virus and anti-spyware software. Additional information can be found at Security at home.

Mitigating Factors:

Protected Mode in Internet Explorer 7 and Internet Explorer 8 in Windows Vista limits the impact of the vulnerability.

• By default, Internet Explorer on Windows Server 2003 and Windows Server 2008 runs in a restricted mode that is known as Enhanced Security Configuration. This mode sets the security level for the Internet zone to High. This is a mitigating factor for Web sites that you have not added to the Internet Explorer Trusted sites zone.

• An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less affected than users who operate with administrative user rights.

• Currently known attacks cannot exploit this issue automatically through e-mail.

Source: Microsoft TechNet

December 12, 2008 Posted by | Advisories, Alerts, Friends, Malware, News, Recommended External Security Related Links, Vulnerabilities | , , , , , | Leave a comment

Microsoft Security Advisory (953818): Blended Threat from Combined Attack Using Apple’s Safari on the Windows Platform

Published by Microsoft: May 30, 2008

Microsoft is investigating new public reports of a blended threat that allows remote code execution on all supported versions of Windows XP and Windows Vista when Apple’s Safari for Windows has been installed. Safari is not installed with Windows XP or Windows Vista by default; it must be installed independently or through the Apple Software Update application. Customers running Safari on Windows should review this advisory.

At the present time, Microsoft is unaware of any attacks attempting to exploit this blended threat. Upon completion of this investigation, Microsoft will take the appropriate measures to protect our customers. This may include providing a solution through a service pack, the monthly update process, or an out-of-cycle security update, depending on customers needs.

Mitigating Factors:

• Customers who have changed the default location where Safari downloads content to the local drive are not affected by this blended threat.

More: Microsoft TechNet

Apple, please fix your homework in a proper and decent way asap!

Added: May 31, 2008

For reason of the information provided in the original advisory provided by Nitesh Dhanjani on May 15, 2008 this blended thread have to be considered as being Highly Critical.

Excerpt original advisory:

1. Safari Carpet Bomb. It is possible for a rogue website to litter the user’s Desktop (Windows) or Downloads directory (~/Downloads/ in OSX). This can happen because the Safari browser cannot be configured to obtain the user’s permission before it downloads a resource. Safari downloads the resource without the user’s consent and places it in a default location (unless changed).

2. Sandbox not Applied to Local Resources. This issue is more of a feature set request than a vulnerability. For example, Internet Explorer warns users when a local resource such as an HTML file attempts to invoke client side scripting. I feel this is an important security feature because of user expectations: even the most sophisticated users differentiate between the risk of clicking on an executable they have downloaded (risk perceived to be higher) to clicking on a HTML file they have downloaded (risk perceived to be lower).

3. [Undisclosed]. The third issue I reported to Apple is a high risk vulnerability in Safari that can be used to remotely steal local files from the user’s file system.

Remarkable and not  understandable: Apple let Nitesh Dhanjani know that they will fix only 1 of the issues he reported.

My advice: as long Apple haven’t fixed all the three issues mentioned in the original advisory, for security reasons don’t use Apple’s Safari (anymore).

May 31, 2008 Posted by | Advisories, Alerts, Downloads, Malware, News, Recommended External Security Related Links, Vulnerabilities | , , , , , , , , , , , , , , , , | Leave a comment