
Internet Explorer 8 Specific Attack!


RetiredTripleHelix
Gold VIP

Microsoft Security Advisory (2847140)

Vulnerability in Internet Explorer Could Allow Remote Code Execution

Published: Friday, May 03, 2013
Version: 1.0

General Information

Executive Summary
Microsoft is investigating public reports of a vulnerability in Internet Explorer 8. Microsoft is aware of attacks that attempt to exploit this vulnerability.
Internet Explorer 6, Internet Explorer 7, Internet Explorer 9, and Internet Explorer 10 are not affected by the vulnerability.
This is a remote code execution vulnerability. The vulnerability exists in the way that Internet Explorer accesses an object in memory that has been deleted or has not been properly allocated. The vulnerability may corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user within Internet Explorer. An attacker could host a specially crafted website that is designed to exploit this vulnerability through Internet Explorer and then convince a user to view the website.
On completion of this investigation, Microsoft will take the appropriate action to protect our customers, which may include providing a solution through our monthly security update release process, or an out-of-cycle security update, depending on customer needs.
We are actively working with partners in our Microsoft Active Protections Program (MAPP) to provide information that they can use to provide broader protections to customers. In addition, we are actively working with partners to monitor the threat landscape and take action against malicious sites that attempt to exploit this vulnerability.
Microsoft continues to encourage customers to follow the guidance in the Microsoft Safety & Security Center of enabling a firewall, applying all software updates, and installing antimalware software.
Mitigating Factors:
  • By default, Internet Explorer on Windows Server 2003, Windows Server 2008, and Windows Server 2008 R2 runs in a restricted mode that is known as Enhanced Security Configuration. This mode mitigates this vulnerability.
  • By default, all supported versions of Microsoft Outlook, Microsoft Outlook Express, and Windows Mail open HTML email messages in the Restricted sites zone. The Restricted sites zone, which disables script and ActiveX controls, helps reduce the risk of an attacker being able to use this vulnerability to execute malicious code. If a user clicks a link in an email message, the user could still be vulnerable to exploitation of this vulnerability through the web-based attack scenario.
  • An attacker who successfully exploited this vulnerability could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
  • In a web-based attack scenario, an attacker could host a website that contains a webpage that is used to exploit this vulnerability. In addition, compromised websites and websites that accept or host user-provided content or advertisements could contain specially crafted content that could exploit this vulnerability. In all cases, however, an attacker would have no way to force users to visit these websites. Instead, an attacker would have to convince users to visit the website, typically by getting them to click a link in an email message or Instant Messenger message that takes users to the attacker's website.
Recommendation. Please see the Suggested Actions section of this advisory for more information.

Advisory Details

Issue References
For more information about this issue, see the following references:

References | Identification
CVE Reference | CVE-2013-1347
Affected Software
This advisory discusses the following software.

Affected Software
Operating System | Component
Internet Explorer 8
Windows XP Service Pack 3 | Internet Explorer 8
Windows XP Professional x64 Edition Service Pack 2 | Internet Explorer 8
Windows Server 2003 Service Pack 2 | Internet Explorer 8
Windows Server 2003 x64 Edition Service Pack 2 | Internet Explorer 8
Windows Vista Service Pack 2 | Internet Explorer 8
Windows Vista x64 Edition Service Pack 2 | Internet Explorer 8
Windows Server 2008 for 32-bit Systems Service Pack 2 | Internet Explorer 8
Windows Server 2008 for x64-based Systems Service Pack 2 | Internet Explorer 8
Windows 7 for 32-bit Systems Service Pack 1 | Internet Explorer 8
Windows 7 for x64-based Systems Service Pack 1 | Internet Explorer 8
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | Internet Explorer 8
Windows Server 2008 R2 for Itanium-based Systems Service Pack 1 | Internet Explorer 8
 
Full Article
 
TH
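
The advisory quoted above limits the issue to Internet Explorer 8 on the listed Windows versions, so a first defensive step is finding which clients still browse with it. The following is an added example, not part of the original post or of Microsoft's advisory: it inventories IE8 clients from web or proxy logs by User-Agent. It assumes combined log format with the User-Agent as the last quoted field; the function names and the sample lines are constructed for illustration.

```python
import re

# Windows NT version tokens for the operating systems in the advisory's table.
NT_TO_OS = {
    "5.1": "Windows XP",
    "5.2": "Windows XP x64 / Windows Server 2003",
    "6.0": "Windows Vista / Windows Server 2008",
    "6.1": "Windows 7 / Windows Server 2008 R2",
}
UA_FIELD = re.compile(r'"([^"]*)"\s*$')   # assumption: User-Agent is the last quoted field
MSIE = re.compile(r"MSIE \d+\.\d+")
TRIDENT = re.compile(r"Trident/(\d+)\.\d+")
WIN_NT = re.compile(r"Windows NT (\d+\.\d+)")

def classify_user_agent(ua):
    """Return (is_ie8, os_label) for one User-Agent string."""
    if not MSIE.search(ua):
        return False, None
    # Trident/4.0 is the IE8 engine token. IE8 in Compatibility View reports
    # "MSIE 7.0" but keeps Trident/4.0; IE9 reports Trident/5.0; IE7 has no token.
    trident = TRIDENT.search(ua)
    is_ie8 = trident is not None and trident.group(1) == "4"
    nt = WIN_NT.search(ua)
    os_label = NT_TO_OS.get(nt.group(1), "other") if nt else "unknown"
    return is_ie8, os_label

def ie8_clients(log_lines):
    """Map client address -> OS label for every client seen with the IE8 engine."""
    found = {}
    for line in log_lines:
        m = UA_FIELD.search(line)
        if m:
            is_ie8, os_label = classify_user_agent(m.group(1))
            if is_ie8:
                found[line.split()[0]] = os_label
    return found

def _line(ip, ua):  # builds one constructed sample line in combined log format
    return f'{ip} - - [06/May/2013:09:14:02 +0000] "GET / HTTP/1.1" 200 512 "-" "{ua}"'

SAMPLE_LOG = [  # constructed sample data, not real traffic
    _line("10.0.0.11", "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)"),
    _line("10.0.0.12", "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/4.0)"),
    _line("10.0.0.13", "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)"),
    _line("10.0.0.14", "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)"),
]
```

The User-Agent header is supplied by the client, so the result is an inventory hint to confirm against patch-management data rather than proof of what is installed.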

9 replies

ProTruckDriver
Moderator
Thanks for the post TH. It looks like it's time to go shopping for a new computer and put my 2 Win XP's to sleep since IE-8 is the most updated IE browser I can install on them.

RetiredTripleHelix
Gold VIP
Or don't use IE8 for now and use FF, Opera, Chrome or some other Browser.
 
Daniel

  • Bronze VIP
  • 1525 replies
  • May 5, 2013
You're right TH.

RetiredTripleHelix
Gold VIP

06
May 13

Zero-Day Exploit Published for IE8

Security experts are warning that a newly discovered vulnerability in Internet Explorer 8 is being actively exploited to break into Microsoft Windows systems. Complicating matters further, computer code that can be used to reliably exploit the flaw is now publicly available online.
In an advisory released May 3, Microsoft said it was investigating reports of a vulnerability in IE8, and that it was aware of attacks that attempt to exploit this bug. The company stresses that other versions of IE — including IE6, 7, 9 and 10 — are not affected by the vulnerability. However, all versions of IE8 are vulnerable, including copies running on Windows XP, Vista and Windows 7.
Meanwhile, a new module that exploits this IE8 bug is now available for the Metasploit Framework, a free penetration testing tool. I would expect this exploit or some version of it will soon be rolled into commercial exploit kits that are sold in the cybercrime underground (assuming this has not already happened).
The security hole has already been leveraged in at least one high-profile attack. Over the weekend, several security vendors reported that the U.S. Department of Labor Web site had been hacked and seeded with code designed to exploit the flaw and download malicious software.
The attack on the Labor Department site is seen as a watering hole attack, which involves the targeted compromise of legitimate websites thought to be of interest to or frequented by end users who belong to organizations that attackers wish to infiltrate. Previous watering hole attacks have targeted the Web site for the Council on Foreign Relations, the Association of Southeast Asian Nations, and the National Democratic Institute.
I like this: :robottongue:
Microsoft is working on an official patch for this bug. What can you do in the meantime to mitigate the threat from this flaw? For now, browsing the Web with another browser is one answer, of course, and it may be more or less advisable depending on which version of Windows you run. "For example, Windows XP users can use another browser, and the only other option is rolling and using Internet Explorer 7 until Microsoft fixes this issue (not a great alternative)." Windows Vista and Windows 7 users can run Internet Explorer 9, and Windows 7 users can upgrade to IE 10, but should verify compatibility with their applications, as some custom settings may be necessary.
 
Full Article
 
TH

RetiredTripleHelix
Gold VIP

Microsoft Security Advisory (2847140)
Updated: Vulnerability in Internet Explorer 8 could allow remote code execution: May 8, 2013

 
http://technet.microsoft.com/en-us/security/advisory/2847140
 
CVE-2013-1347 MSHTML Shim Workaround
The Fix it solution that is described in this section is not intended to be a replacement for any security update. We recommend that you always install the latest security updates. However, we offer this Fix it solution as a workaround option for some scenarios.
 
Microsoft Fix it.
 
 
I still recommend that users still use the suggestions I posted earlier as the Microsoft Fix it is only a workaround.

 
TH

cohbraz
Community Leader
  • Community Leader
  • 868 replies
  • May 12, 2013
The main reason I do not use IE is due to the lack of add-ons available for it. Chrome, Firefox, and Opera are far more customizable. 

RetiredTripleHelix
Gold VIP

Microsoft Security Advisory (2847140)

Vulnerability in Internet Explorer Could Allow Remote Code Execution

Published: Friday, May 03, 2013 | Updated: Tuesday, May 14, 2013
Version: 2.0
 
More Info
 
 

Microsoft Security Bulletin MS13-038 - Critical

Security Update for Internet Explorer 8 (2847204)

Published: Tuesday, May 14, 2013
Version: 1.0
 

General Information

Executive Summary
This security update resolves one publicly disclosed vulnerability in Internet Explorer. The vulnerability could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited this vulnerability could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
This security update is rated Critical for Internet Explorer 8 on Windows clients and Moderate for Internet Explorer 8 on Windows servers. This security update has no severity rating for Internet Explorer 9. For more information, see the subsection, Affected and Non-Affected Software, in this section.
The security update addresses the vulnerability by modifying the way that Internet Explorer handles objects in memory. For more information about the vulnerability, see the Frequently Asked Questions (FAQ) subsection for the specific vulnerability entry under the next section, Vulnerability Information.
This security update also addresses the vulnerability first described in Microsoft Security Advisory 2847140.
Recommendation. Most customers have automatic updating enabled and will not need to take any action because this security update will be downloaded and installed automatically. Customers who have not enabled automatic updating need to check for updates and install this update manually. For information about specific configuration options in automatic updating, see Microsoft Knowledge Base Article 294871.
For administrators and enterprise installations, or end users who want to install this security update manually, Microsoft recommends that customers apply the update immediately using update management software, or by checking for updates using the Microsoft Update service.
See also the section, Detection and Deployment Tools and Guidance, later in this bulletin.
 
Full Article
 
TH

shorTcircuiT
Gold VIP
A fix for it?  That was actually pretty quick.. Nice!
 
As always, thank you Daniel!

RetiredTripleHelix
Gold VIP
Yeppers! And you're very welcome as always. ;)
 
Daniel
