kemical

Microsoft warns of IE zero day vulnerability
Tuesday, 24 November 2009 10:04


Workarounds for now

Software giant Microsoft has issued a security advisory that provides customers with guidance and workarounds for dealing with a zero-day exploit aimed at Internet Explorer. Over the weekend someone published the exploit code to the Bugtraq mailing list and while no active exploits of the vulnerability have been reported so far, it appears Microsoft is taking no chances.

Microsoft released Security Advisory 977981, which includes workarounds for an issue that exposes a flaw in Cascading Style Sheets that could allow for remote code execution. Vulnerabilities that allow remote-code execution generally result in patches rated as critical by Microsoft. The vulnerability affects IE 6 on Windows 2000 Service Pack 4, and IE 6 and IE 7 on supported editions of XP, Vista, Windows Server 2003 and Windows Server 2008.

The workaround involves configuring the browser to run in Protected Mode to limit the impact of the vulnerability. It also recommended setting the Internet zone security setting to "High" to protect against the exploit. The "High" setting will disable JavaScript, which currently is the only confirmed attack mode. Microsoft said IE 5.01 Service Pack 4 and IE 8 on all supported versions of Windows are not affected.

For an attack to work, the hacker would first have to get his victim to visit a Web site that hosted the exploit code. This could be a malicious Web site set up by the hacker himself or it could be a site that allows users to upload content.

 


This post discusses a zero-day vulnerability in Internet Explorer (IE) that Microsoft warned about in 2009. Here are the key points from the provided information:
  • Issue: Microsoft warned about a zero-day exploit targeting Internet Explorer, which involved a vulnerability related to Cascading Style Sheets (CSS) that could lead to remote code execution.
  • Security Advisory: Microsoft issued Security Advisory 977981 to address the vulnerability. This advisory offered guidance and workarounds for users to protect themselves from potential exploits.
  • Affected Systems: The vulnerability impacted Internet Explorer 6 on Windows 2000 Service Pack 4, and IE 6 and IE 7 on supported editions of Windows XP, Vista, Windows Server 2003, and Windows Server 2008.
  • Workarounds:
    • Configure the browser to run in Protected Mode to limit the impact of the vulnerability.
    • Set the Internet zone security setting to "High" to protect against the exploit. This setting disables JavaScript, which was the confirmed attack mode at that time.
  • Unaffected Versions: IE 5.01 Service Pack 4 and IE 8 on all supported versions of Windows were reported as not being affected by this particular vulnerability.
  • Exploit Scenario: To exploit this vulnerability, a hacker would need to lure the victim to visit a website hosting the exploit code. This could be a malicious site created by the hacker or a legitimate site with user-upload functionality.

The recommended actions included setting the browser to Protected Mode and adjusting the Internet zone security settings to "High" to mitigate the risk of exploitation. It's critical to stay informed about such vulnerabilities, apply relevant patches, and take necessary precautions to safeguard systems against potential threats.
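
An added example, not part of the original posts or of Microsoft's advisory: a PowerShell audit that reports whether the Internet zone matches the two workarounds discussed in this thread (zone level "High", Protected Mode on). The function names are hypothetical; the registry paths and value names (zone `3`, `CurrentLevel`, `1400`, `2500`) are the standard Internet Explorer zone settings and are not stated in the thread.

```powershell
# Added example: audit the IE Internet zone against the two workarounds.
# Zone 3 = Internet zone; 1400 = Active scripting; 2500 = Protected Mode.
# Function names are hypothetical. Requires PowerShell 3.0 or later.
$ZoneKey = 'Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'

# Values under the policy keys, where present, take precedence over
# the per-user setting, so all three locations are reported.
$Sources = [ordered]@{
    'Machine policy' = "HKLM:\SOFTWARE\Policies\$ZoneKey"
    'User policy'    = "HKCU:\Software\Policies\$ZoneKey"
    'User setting'   = "HKCU:\Software\$ZoneKey"
}
$HighLevel = 0x12000   # CurrentLevel value of the "High" template

function ConvertTo-ActionName($value) {
    # URL-action DWORDs: 0 = enabled, 1 = prompt, 3 = disabled
    if ($null -eq $value) { return 'not set' }
    switch ([int]$value) {
        0       { 'enabled' }
        1       { 'prompt' }
        3       { 'disabled' }
        default { "unknown ($value)" }
    }
}

function Get-InternetZoneAudit {
    foreach ($name in $Sources.Keys) {
        $path  = $Sources[$name]
        $v     = Get-ItemProperty -Path $path -ErrorAction SilentlyContinue
        $level = if ($v) { $v.CurrentLevel }
        $script = if ($v) { $v.'1400' }
        $pmode  = if ($v) { $v.'2500' }
        [pscustomobject]@{
            Source          = $name
            KeyPresent      = Test-Path $path
            ZoneLevel       = if ($null -ne $level) { '0x{0:X}' -f $level } else { 'not set' }
            IsHigh          = ($level -eq $HighLevel)
            # A custom level can re-enable scripting even when the slider
            # was once set to High, so report the action value separately.
            ActiveScripting = ConvertTo-ActionName $script
            # Protected Mode exists only on Windows Vista and later.
            ProtectedMode   = ConvertTo-ActionName $pmode
        }
    }
}

Get-InternetZoneAudit | Format-Table -AutoSize
```

A host matching both workarounds shows `IsHigh` as True, `ActiveScripting` as disabled and `ProtectedMode` as enabled in whichever source is in effect.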
 

