p2pnet news view | Security:- A zero day exploit for Microsoft’s Internet Explorer is spreading rapidly across the net, says Heise Online.

And among solutions offered up by experts is to immediately stop using IE and start using another browser, for example Firefox.

Usually, in attacks of this kind, victims have to actually click on something to set a process in motion

But not this time, says Heise. All they have to do is merely open an innocuous seeming page.

“It targets a particularly dangerous hole in all versions of the Microsoft browser,” it states,  warning there’s no patch and, “a Windows PC can become infected with malicious software through the simple act of opening a web page.”

Given that  three-quarters of people online use IE,  “millions of people could already have been targeted,” declares The Telegraph, continuing:

“Microsoft has published a list of technical changes that it say should protect against the threat until it can release a software update to close the loophole, although the instructions would be incomprehensible to most casual surfers.

“It has also advised users to enable their firewalls and install anti-virus and anti-spyware software, but web security experts say the best guarantee of safety is to use an alternative browser such as Firefox, Safari or Opera, which can all be downloaded for free.”

meanwhile, “More and more harmless servers are currently being manipulated via SQL injection to deliver the zero day exploit to requesting computers,” says Heise. “It is, therefore, possible to get infected by visiting a trustworthy site.”

Microsoft has published a list of technical changes it says should protect against the threat until it can release a software update to close the loophole, says The Telegraph. But it seems to be of little use to the average person.

The instructions would be, “incomprehensible to most casual surfers,” says the story, also pointing out web security experts say, “the best guarantee of safety is to use an alternative browser such as Firefox, Safari or Opera, which can all be downloaded for free”.

Says Will Dormann on US CERT »»»

Microsoft Internet Explorer contains an invalid pointer vulnerability in its data binding code. The vulnerability can be triggered when Internet Explorer or a program that uses Internet Explorer’s components renders a document that contains more than one reference to the same data source. This flaw can cause an invalid array size and result in the accessing of memory space of a deleted object. Specially-crafted content that performs data binding, such as an XML or HTML document, can cause IE to crash in a way that is exploitable. Limited testing has shown this vulnerability to affect Internet Explorer 6 and later, up to and including Internet Explorer 8 Beta 2. However, all versions of Internet Explorer from 4.0 and on may be at risk. We have confirmed that Outlook Express is also at risk. Exploit code for this vulnerability is publicly available.

II. Impact
By convincing a user to view a specially crafted document that performs data binding (e.g., a web page or email message or attachment), an attacker may be able to execute arbitrary code with the privileges of the user.

III. Solution
We are currently unaware of a practical solution to this problem. Microsoft Security Advisory (961051) provides some workarounds, including unregistering oledb32.dll. These workarounds are further explained in the Microsoft SWI Blog.

Disable the Microsoft OLE DB Row Position Library COM object

The most effective way of mitigating this vulnerability appears to be to disable the Microsoft OLE DB Row Position Library COM object. As outlined in the Microsoft Security Advisory, delete the following registry key:

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{2048EEE6-7FA2-11D0-9E6A-00A0C9138C29}]

Note that once this change is made, all ADO (ActiveX Data Objects applications that use the RowPosition property and related information and all OLE DB applications that use the OLE DB Row Position Library will not function properly.

Disable Active Scripting

This vulnerability can be mitigated by disabling Active Scripting in the Internet Zone, as specified in the “Securing Your Web Browser” document. Note that this will not block the vulnerability. IE still may crash when parsing specially-crafted XML content. Disabling Active Scripting will mitigate a common method used to achieve code execution with this vulnerability.

Enable DEP in Internet Explorer 7

Enabling DEP in Internet Explorer 7 on Windows Vista can help mitigate this vulnerability by making it more difficult to achieve code execution using this vulnerability.

References

http://www.microsoft.com/technet/security/advisory/961051.mspx
http://blogs.msdn.com/michael_howard/archive/2006/12/12/update-on-internet-explorer-7-dep-and-adobe-software.aspx
http://blogs.technet.com/msrc/archive/2008/12/12/friday-update-for-microsoft-security-advisory-961051.aspx
http://msdn.microsoft.com/en-us/library/ms531388(vs.85).aspx
http://secunia.com/advisories/33089/
http://www.avertlabs.com/research/blog/index.php/2008/12/09/yet-another-unpatched-drive-by-exploit-found-on-the-web/
http://www.scanw.com/blog/archives/303

Stay tuned.

Heise Online – Zero day exploit for Internet Explorer is spreading, December 16, 2008
The Telegraph – Internet Explorer security alert: Microsoft says all users at risk, December 16, 2008

---

Use free p2pnet newsfeeds for your site. It’s really easy!
Subscribe to p2pnet.net | | rss feed: http://p2pnet.net/p2p.rss | | Mobile – http://p2pnet.net/index-wml.php

---

Net access blocked by government restrictions? Use Psiphon from the Citizen Lab at the University of Toronto. Go here for details.

This entry was posted on Tuesday, December 16th, 2008 at 10:47 am and is filed under Security. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

HOME

Viewed 6897 times