General Discussion

[0-Day IE exploit published]

FYI...

0-Day IE exploit published
- http://www.symantec.com/connect/blogs/zero-day-internet-explorer-exploit-published
November 21, 2009 - "A new exploit targeting Internet Explorer was published to the BugTraq mailing list yesterday. Symantec has conducted further tests and confirmed that it affects Internet Explorer versions 6 and 7 as well. The exploit currently exhibits signs of poor reliability, but we expect that a fully-functional reliable exploit will be available in the near future... To minimize the chances of being affected by this issue, Internet Explorer users should ensure their antivirus definitions are up to date, disable JavaScript and only visit Web sites they trust until fixes are available from Microsoft."

- http://secunia.com/advisories/37448/2/
Release Date: 2009-11-23
Critical: Highly critical
Impact: System access
Where: From remote
Solution Status: Unpatched
Software: Microsoft Internet Explorer 6.x, Microsoft Internet Explorer 7.x ...
Solution: Disable support for active scripting for all but trusted websites...

 

[Microsoft Security Advisory (977981)]

FYI...

Microsoft Security Advisory (977981)
Vulnerability in Internet Explorer Could Allow Remote Code Execution
- http://boards.cexx.org/index.php?topic=11831.msg79937#msg79937
November 23, 2009

- http://www.us-cert.gov/current/#microsoft_internet_explorer_vulnerability
November 23, 2009

- http://blogs.iss.net/archive/IE%20CSS%200day.html
November 23, 2009 - "... For IE users, it is worthwhile to upgrade to IE8 if you haven't already."

 

[IE 0-day exploit released]

FYI...

IE 0-day exploit released
- http://www.symantec.com/security_response/threatconlearn.jsp
Nov 26, 2009 - "An exploit has been released for the Metasploit framework that can be used to exploit the Microsoft Internet Explorer 'Style' Object Remote Code Execution Vulnerability. This exploit can leverage JavaScript heap-spray and .NET DLL memory-preparation techniques to achieve remote code execution. Customers who are prone to this issue are advised to disable JavaScript for untrusted websites. Also, setting Internet Explorer's security zone settings to high for the Internet zone will prevent the loading of .NET DLLs in Internet Explorer 7. For critical systems, consider upgrading to Internet Explorer 8, which is not vulnerable to this issue."

- http://www.pcworld.com/article/183190/attacks_appear_imminent_as_ie_exploit_is_improved.html
Nov 25, 2009

 

[Microsoft Security Advisory (977981)]

FYI...

Microsoft Security Advisory (977981)
Vulnerability in Internet Explorer Could Allow Remote Code Execution
- http://www.microsoft.com/technet/security/advisory/977981.mspx
Updated: November 25, 2009
• V1.1 (November 25, 2009): Corrected the CVE reference, added a mitigating factor concerning Web-based attacks, and clarified the workaround involving DEP*.
* "... • Enable DEP for Internet Explorer 6 or Internet Explorer 7 via automated Microsoft Fix It. See Microsoft Knowledge Base Article 977981** to use the automated Microsoft Fix it solution to enable or disable this workaround...
Impact of workaround: Some browser extensions may not be compatible with DEP and may exit unexpectedly. If this occurs, you can disable the add-on, or revert the DEP setting using the Internet Control Panel. This is also accessible using the System Control panel..."
** http://support.microsoft.com/kb/977981

- http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3672

- http://isc.sans.org/diary.html?storyid=7654
Last Updated: 2009-11-26 15:11:12 UTC - "... We strongly encourage all IE users to review the new information posted by MS, especially in light of workable exploits that are starting to surface on the web."
___

FIX: Microsoft Security Bulletin MS09-072 - Critical
Cumulative Security Update for Internet Explorer (976325)
- http://www.microsoft.com/technet/security/bulletin/MS09-072.mspx
Revisions:
• V1.0 (December 8, 2009): Bulletin published.
• V1.1 (December 9, 2009): Corrected a reference to Microsoft Knowledge Base Article 976749 in the section, Frequently Asked Questions (FAQ) Related to This Security Update. Also corrected, in the Security Update Deployment section, the registry key for verification of the update for Internet Explorer 7 for all supported x64-based editions of Windows XP.