Initial Release: 11th December 2008
Revised Version: 12th December 2008
2nd Revised Version : 18th December 2008
1.0 Introduction
MyCERT has received reports from Microsoft and other security teams regarding the availability of a 0-day exploit targeting Microsoft Internet Explorer 6, 7 and 8. Microsoft has already released a security update to fix the problem [1].
Users should note that the recent cumulative fix released by Microsoft (http://www.microsoft.com/technet/security/bulletin/ms08-073.mspx) does not protect them from this exploit, so users are strongly encouraged to apply the security update [1] immediately.
2.0 Impact
The exploitation requires users to visit a web site that contains the exploit code. Successful exploitation allows remote code execution by the attacker.
3.0 Affected Products and Platforms
Windows Internet Explorer 7 on supported editions of Windows XP Service Pack 2, Windows XP Service Pack 3, Windows Server 2003 Service Pack 1, Windows Server 2003 Service Pack 2, Windows Vista, Windows Vista Service Pack 1, and Windows Server 2008. Microsoft Internet Explorer 5.01 Service Pack 4, Microsoft Internet Explorer 6 Service Pack 1, Microsoft Internet Explorer 6, and Windows Internet Explorer 8 Beta 2 on all supported versions of Microsoft Windows.
4.0 Mitigation
Users are advised to promptly apply the security update released by Microsoft at the mentioned URL [1].
If users are unable to apply the security update at this time, they are encouraged to apply the mitigation techniques proposed in [2] if they wish to use Internet Explorer 6, 7 and 8. Protected Mode in Internet Explorer 7 and Internet Explorer 8 in Windows Vista limits the impact of the vulnerability.
Please refer to: http://www.microsoft.com/windows/windows-vista/features/IE7-protected-mode.
Users may also consider using alternative browsers such as Mozilla Firefox or Opera while waiting for the problem to be resolved. In addition, system administrators may block traffic from the internal network to known IE7 exploit sites published by the ShadowServer Foundation in [3], or use the Snort IDS signatures made available by Emerging Threats in [7].
5.0 References
[1] Microsoft Security Bulletin MS08-078-Critical: http://www.microsoft.com/technet/security/bulletin/ms08-078.mspx
[2] Microsoft Security Advisory on IE 7 Vulnerability: http://www.microsoft.com/technet/security/advisory/961051.mspx
[3] IE 7 Exploit Sites: http://www.shadowserver.org/wiki/pmwiki.php?n=Calendar.20081210
[4] SANS Handlers Diary: http://isc.sans.org/diary.html?storyid=5458
[5] Trend Micro Blog: http://blog.trendmicro.com/zero-day-ie-flaw-being-actively-exploited/
[6] Symantec Blog: https://forums.symantec.com/syment/blog/article?blog.id=vulnerabilities_exploits&thread.id=180
[7] Snort Rule for IE 0-day: http://www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/CURRENT_EVENTS/CURRENT_IE_0Day
Users and organizations could contact MyCERT for further assistance or questions.
MyCERT can be reached at:
E-mail : mycert@mycert.org.my
Phone : +603 89926969 (monitored during business hours)
Fax : +603 89453442
Handphone : +60 19 2665850 (24x7 call incident reporting)
SMS : +60 19 2813801 (24x7 SMS reporting)
Business Hours : Mon - Fri 08:30 - 17:30 MYT
Web: http://www.mycert.org.my
Revision History:
Initial Release: 11th December 2008
1st Revision: 12th December 2008
2nd Revised Version : 18th December 2008