Criminals are using a new Internet Explorer security hole to attack Windows computers in targeted attacks, though the vulnerability could end up being more widely exploited. While IE9 and IE10 are not affected, versions IE6, IE7, and IE8 are. It?s great to see that the latest versions of IE are immune, but this new vulnerability is still bad news for Windows XP users and earlier since they cannot upgrade to more recent versions of Microsoft?s browser.
?We are actively investigating reports of a small, targeted issue affecting Internet Explorer 6-8,? Dustin Childs of Microsoft Trustworthy Computing told TNW. ?We will take appropriate action to help keep customers protected once our analysis is complete. People using Internet Explorer 9-10 are not impacted.?
The IE zero-day flaw first came to light after report surfaced that the Council on Foreign Relations (CFR) had been hacked. A closer look by security firm FireEye led to the discovery that the CFR site had been compromised and was hosting malicious content as early as on December 21.
?The Council on Foreign Relations? website security team is aware of the issue and is currently investigating the situation,? CFR spokesperson David Mikhail told The Washington Free Beacon on Thursday. ?We are also working to mitigate the possibility for future events of this sort.?
The malicious JavaScript in question only served the exploit code to browsers whose language was either English (U.S.), Chinese (China), Chinese (Taiwan), Japanese, Korean, or Russian. Once the initial checks passed, the JavaScript proceeded to load an Adobe Flash file named ?today.swf.? This file ultimately triggered a heap spray in IE and downloaded a file named ?xsainfo.jpg.?
More details of the vulnerability are available at the CERT Knowledgebase ( VU#154201). Here?s the full technical description:
Microsoft Internet Explorer contains a use-after-free vulnerability in the mshtml CDwnBindInfo object. Specially-crafted JavaScript can cause Internet Explorer to create a CDoc object that contains a CDwnBindInfo object. This object may be freed without removing its pointer, resulting in a state where Internet Explorer may attempt to CALL an invalid memory address. Combined with heap spraying or other techniques, an attacker may be able to place arbitrary code at this address. This vulnerability is currently being exploited in the wild, using Adobe Flash to achieve a heap spray and Java to provide Return Oriented Programming (ROP) gadgets.
Since there is no patch available, the note recommends a few workarounds: use the Microsoft Enhanced Mitigation Experience Toolkit (EMET), disable the Flash ActiveX control in IE, and disable Java in IE. We recommend avoiding the use of IE8 or earlier by either upgrading to IE9/IE10, or simply using a different browser such as Google Chrome.
Image credit: Miguel Saavedra
Source: http://feedproxy.google.com/~r/TheNextWebPortugal/~3/0m958iw-j9A/
pinewood derby cars republican debate tonight tinker tailor soldier spy rich forever rick ross project runway all stars elin nordegren tangled ever after
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.