All versions of Internet Explorer under threat
Posted on 23 December 2010.
Today Microsoft released a new security advisory to help protect users from a vulnerability affecting Internet Explorer versions 6, 7, and 8. Exploiting this vulnerability could lead to unauthorized remote code execution inside the iexplore.exe process.

Internet Explorer loads mscorie.dll, a library that was not compiled with /DYNAMICBASE (thus not supporting ASLR and being located always at the same base) when processing some HTML tags. Attackers use these predictable mappings to evade ASLR and bypass DEP by using ROP (return oriented programming) gadgets from these DLLs in order to allocate executable memory, copying their shellcode and jumping into it.

Although Microsoft is currently not aware of any attacks, given the public disclosure of this vulnerability, the likelihood of criminals using this information to actively attack may increase.

Users of Windows Vista and later versions of Windows are strongly encouraged to protect themselves against this issue by installing the free Enhanced Mitigation Experience Toolkit (EMET) and proceed to protect the iexplore.exe process.

When EMET is in place, this type of exploit will most likely fail. This is because of at least three mitigations:
  • Mandatory ASLR: This mitigation will force the mscorie.dll to be located on random addresses each time.
  • Heap Spray pre-allocation: Some of these exploits use some common used heap pages for placing ROP data such as 0x0c0c0c0c.
  • EAT Filtering: Running shellcode can potentially be blocked by this mitigation.
Additionally, users should be aware that protected Mode in Internet Explorer on Windows Vista and Windows 7 helps to significantly limit the impact of currently known exploits. Protected Mode is on by default in Internet and Restricted sites zones in Internet Explorer 7 and 8, and prompts users before allowing software to install, run or modify sensitive system components.

Microsoft continues to investigate the vulnerability and will release a comprehensive security update once available.


Email scammers stole $215M from businesses in 14 months

Posted on 29 January 2015.  |  In 14 months there have been nearly 1200 US and a little over 900 non-US victims of BEC scams, and the total money loss reached nearly $215 million.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.

Fri, Jan 30th