All versions of Internet Explorer under threat
Posted on 23 December 2010.
Today Microsoft released a new security advisory to help protect users from a vulnerability affecting Internet Explorer versions 6, 7, and 8. Exploiting this vulnerability could lead to unauthorized remote code execution inside the iexplore.exe process.

Internet Explorer loads mscorie.dll, a library that was not compiled with /DYNAMICBASE (thus not supporting ASLR and being located always at the same base) when processing some HTML tags. Attackers use these predictable mappings to evade ASLR and bypass DEP by using ROP (return oriented programming) gadgets from these DLLs in order to allocate executable memory, copying their shellcode and jumping into it.

Although Microsoft is currently not aware of any attacks, given the public disclosure of this vulnerability, the likelihood of criminals using this information to actively attack may increase.

Users of Windows Vista and later versions of Windows are strongly encouraged to protect themselves against this issue by installing the free Enhanced Mitigation Experience Toolkit (EMET) and proceed to protect the iexplore.exe process.

When EMET is in place, this type of exploit will most likely fail. This is because of at least three mitigations:
  • Mandatory ASLR: This mitigation will force the mscorie.dll to be located on random addresses each time.
  • Heap Spray pre-allocation: Some of these exploits use some common used heap pages for placing ROP data such as 0x0c0c0c0c.
  • EAT Filtering: Running shellcode can potentially be blocked by this mitigation.
Additionally, users should be aware that protected Mode in Internet Explorer on Windows Vista and Windows 7 helps to significantly limit the impact of currently known exploits. Protected Mode is on by default in Internet and Restricted sites zones in Internet Explorer 7 and 8, and prompts users before allowing software to install, run or modify sensitive system components.

Microsoft continues to investigate the vulnerability and will release a comprehensive security update once available.





Spotlight

The role of the cloud in the modern security architecture

Posted on 31 July 2014.  |  Stephen Pao, General Manager, Security Business at Barracuda Networks, offers advice to CISOs concerned about moving the secure storage of their documents into the cloud and discusses how the cloud shaping the modern security architecture.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Fri, Aug 1st
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //