Guru3D.com Forums

Microsoft Warns of Attacks on IE Zero-Day
(#1) Veeshush - 04-27-2014, 22:51

Quote:
Microsoft is warning Internet Explorer users about active attacks that attempt to exploit a previously unknown security flaw in every supported version of IE. The vulnerability could be used to silently install malicious software without any help from users, save for perhaps merely browsing to a hacked or malicious site.

In an alert posted on Saturday, Microsoft said it is aware of “limited, targeted attacks” against the vulnerability (CVE-2014-1776) so far.

Microsoft’s security advisory credits security firm FireEye with discovering the attack. In its own advisory, FireEye says the exploit currently is targeting IE9 through IE11 (although the weakness also is present in all earlier versions of IE going back to IE6), and that it leverages a well-known Flash exploitation technique to bypass security protections on Windows.

Microsoft has not yet issued a stopgap “Fix-It” solution for this vulnerability. For now, it is urging IE users to download and install its Enhanced Mitigation Experience Toolkit (EMET), a free tool that can help beef up security on Windows. Microsoft notes that EMET 3.0 doesn’t mitigate this attack, and that affected users should instead rely on EMET 4.1. I’ve reviewed the basics of EMET here. The latest versions of EMET are available here.

According to information shared by FireEye, the exploit also can be blocked by running Internet Explorer in “Enhanced Protected Mode” configuration and 64-bit process mode, which is available for IE10 and IE11 in the Internet Options settings as shown in the graphic above.

This is the first of many zero-day attacks and vulnerabilities that will never be fixed for Windows XP users. Microsoft last month shipped its final set of updates for XP. Unfortunately, many of the exploit mitigation techniques that EMET brings do not work in XP.
https://krebsonsecurity.com/2014/04/...n-ie-zero-day/
   
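One way to verify the Enhanced Protected Mode and 64-bit process settings mentioned in the quoted article, added here as an example; it is not part of the thread or of Microsoft's or FireEye's advisories. The registry value names (`Isolation`, `Isolation64Bit`) do not appear on the page, and reporting an unset value as "off" is an assumption.

```powershell
# Added example (not from the thread): report whether Internet Explorer's
# Enhanced Protected Mode (EPM) and 64-bit EPM processes are switched on.
# Assumption: the value names below are the ones IE 10/11 read; they are
# not given on the page.

$pref   = 'Software\Microsoft\Internet Explorer\Main'
$policy = 'Software\Policies\Microsoft\Internet Explorer\Main'

# Checked in order: machine policy, user policy, the user's own setting.
$locations = @("HKLM:\$policy", "HKCU:\$policy", "HKCU:\$pref")

function Get-FirstRegistryValue {
    param([string[]]$Paths, [string]$Name)
    foreach ($path in $Paths) {
        $item = Get-ItemProperty -Path $path -Name $Name -ErrorAction SilentlyContinue
        if ($null -ne $item) {
            return New-Object PSObject -Property @{ Source = $path; Value = $item.$Name }
        }
    }
    return $null   # not set in any of the locations
}

$isolation = Get-FirstRegistryValue -Paths $locations -Name 'Isolation'
$sixtyFour = Get-FirstRegistryValue -Paths $locations -Name 'Isolation64Bit'

# 'PMEM' turns EPM on; 1 enables 64-bit processes for EPM.
# Assumption: a value that is not set is reported as "off".
$epmOn = ($null -ne $isolation) -and ($isolation.Value -eq 'PMEM')
$x64On = ($null -ne $sixtyFour) -and ($sixtyFour.Value -eq 1)

$report = New-Object PSObject -Property @{
    EnhancedProtectedMode = $epmOn
    EpmSetBy              = $(if ($isolation) { $isolation.Source } else { 'not set' })
    SixtyFourBitProcesses = $x64On
    SixtyFourBitSetBy     = $(if ($sixtyFour) { $sixtyFour.Source } else { 'not set' })
}
$report | Format-List

# Non-zero exit code when either setting is off, for use in a compliance check.
if ($epmOn -and $x64On) { exit 0 } else { exit 1 }
```

The settings only take effect in IE10 and IE11, as the article notes, and IE must be restarted after changing them.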
 
(#2) Svarog - 04-28-2014, 11:56

Thanks, I enabled Enhanced Protected Mode.
   
(#3) Ghosty - 04-28-2014, 12:09

I take it this vulnerability is only when you are using the IE browser, and have flash installed?
   
(#4) lucidus - 04-28-2014, 12:35

EMET looks interesting
   
(#5) Ghosty - 04-28-2014, 12:42

Quote:
Originally Posted by lucidus
EMET looks interesting
Yes it does. But I don't use Oracle, Wordpad, IE, Office, Flash. Which is what it protects.
   
(#6) lucidus - 04-28-2014, 12:53

Quote:
Originally Posted by Ghosty
Yes it does. But I don't use Oracle, Wordpad, IE, Office, Flash. Which is what it protects.
You can add programs to it manually. I just added Palemoon and Thunderbird.
   
(#7) Ghosty - 04-28-2014, 13:14

Quote:
Originally Posted by lucidus
You can add programs to it manually. I just added Palemoon and Thunderbird.
EMET is very, very good at locking a system down from outside attacks. I just have no need for it myself. Or for that matter have any idea how it works.
   
(#8) Veeshush - 04-29-2014, 00:07

Quote:
Originally Posted by Ghosty
I take it this vulnerability is only when you are using the IE browser, and have flash installed?
Yep.
Quote:
Exploitation
• Preparing the heap

The exploit page loads a Flash SWF file to manipulate the heap layout with the common technique heap feng shui. It allocates Flash vector objects to spray memory and cover address 0x18184000. Next, it allocates a vector object that contains a flash.Media.Sound() object, which it later corrupts to pivot control to its ROP chain.
http://www.fireeye.com/blog/uncatego...d-attacks.html

Quote:
Originally Posted by lucidus
EMET looks interesting
I did try EMET once but then uninstalled it cause I was having issues. Some day I'll actually sit down and learn to fine tune it.
   

Tags
exploit, internet explorer, zero day
