

goalieskates
Premium
join:2004-09-12
land of big

1 recommendation

reply to Dustyn

Re: IE Zero-Day

said by Dustyn:

Who the hell cares if IE6 is vulnerable?
Microsoft has to stop patching IE6 or people will continue to use it.
»www.ie6countdown.com/

And the newer versions aren't? The more complex things become, the more vulnerable they are. Anyone who's actually worked in coding knows that.

You may like the newer versions, you may like their new functionality, but that doesn't automatically mean they're safer. They have problems and attack vectors IE6 never even dreamed of. Let's not confuse programming reality with marketing.


Cartel
Premium
join:2006-09-13
Chilliwack, BC
kudos:2
Reviews:
·TekSavvy DSL
·Shaw
·TELUS

1 recommendation

reply to siljaline

said by siljaline:

MS FixIt available at this MS KB.
»support.microsoft.com/kb/2794220

I'm surprised it didn't say to disable Internet Explorer along with the Sidebar.


Dustyn
Premium
join:2003-02-26
Ontario, CAN
kudos:11

1 edit

1 recommendation

reply to goalieskates

said by goalieskates:

said by Dustyn:

Who the hell cares if IE6 is vulnerable?
Microsoft has to stop patching IE6 or people will continue to use it.
»www.ie6countdown.com/

And the newer versions aren't?

People using Internet Explorer 9-10 are not impacted... So in this instance, newer is better. However, I'm only referencing this particular vulnerability. For Microsoft to also patch IE6 is a step backwards from their own abandon IE6 campaign.
--
Remember that cool hidden "Graffiti Wall" here on BBR? After the name change I became the "owner", so to speak as it became: Dustyn's Wall »[Serious] RIP


goalieskates
Premium
join:2004-09-12
land of big

said by Dustyn:

People using Internet Explorer 9-10 are not impacted... So in this instance, newer is better. However, I'm only referencing this particular vulnerability. For Microsoft to also patch IE6 is a step backwards from their own abandon IE6 campaign.

It is, but the whole campaign is silly anyway. As long as the newer versions of IE are up to snuff, it really doesn't matter what other people choose to run. More to the point, people who run IE6 haven't upgraded their Windows, either - which hurts revenue and is really what that's all about.

We went to the moon without benefit of IE and Windows. If somebody doesn't want to go to a higher version browser and can live with Win98 or WinXP, more power to them.


StuartMW
Who Is John Galt?
Premium
join:2000-08-06
Galt's Gulch
kudos:2

Win 3.1 and IE 3.01 forever!



Blackbird
Built for Speed
Premium
join:2005-01-14
Fort Wayne, IN
kudos:3
Reviews:
·Frontier Communi..
reply to goalieskates

said by goalieskates:

... If somebody doesn't want to go to a higher version browser and can live with Win98 or WinXP, more power to them.

That is the challenge, though... living with them. In the case of Win98, not only can't one find secure browsers that will run under the OS, they can't even find current anti-malware software that will run. Nearly all of what one finds that will run (if they look really hard) is outdated ("vintage") and riddled with bugs or security holes. The only thing in one's favor is that the number of exploits targeting your OS is slowly declining - especially new zero-days. It's the main reason I finally took my Win98FE/KernelEx system off-line a couple of years ago (though I still run it at times as an isolated system for a few pieces of legacy software on it that I occasionally need).
--
“The American Republic will endure until the day Congress discovers that it can bribe the public with the public's money.” A. de Tocqueville


StuartMW
Who Is John Galt?
Premium
join:2000-08-06
Galt's Gulch
kudos:2

1 edit

said by Blackbird:

...I finally took my Win98FE/KernelEx system off-line a couple of years ago (though I still run it at times as an isolated system for a few pieces of legacy software on it that I occasionally need).

You can probably image its HD(s) and run it as a Virtual Machine (VM). Then you'd have an anchor for a (small) boat

I have a bunch of VM's, including some of old hardware, and use them from time to time.

The good thing about VM's is that their HD(s) are just (VHD) files. Easily backed up and copied if you want to try/test something without messing up the original. I quite often test things in VM's.
--
Don't feed trolls--it only makes them grow!


Lagz
Premium
join:2000-09-03
The Rock

2 edits
reply to trparky

said by trparky:

Oh shit, I think I know how this exploit may work.

There's an attack technique which is used to overwrite the Structured Exception Handler which would, in any other case, catch the Null Reference Exception and handle it cleanly so that the program would not appear to crash.

But in the case of this exploit, it would overwrite the Structured Exception Handler using either a Stack-based Buffer Overflow or Heap Spray attack. Then, something would be used to trigger (a call to a null Object, in this case) the Exception Handler and since it's been overwritten with arbitrary code, the program would then be vulnerable to attack.

All of which EMET helps guard a program against.

I wonder if flash or IE uses standard exception handlers or do they write their own? My instructor in C# told us to write our own exception handling when possible rather than throw standard exceptions, this might be why. When I was first introduced to exceptions I was like, HELL YEA I don't have to write as much code now. We had been writing our own exception handling up to that point. I wonder if they are just throwing standard exceptions if that's a result from laziness or management hurriedly wanting code pushed out the door?
--
When somebody tells you nothing is impossible, ask him to dribble a football.


siljaline
I'm lovin' that double wide
Premium
join:2002-10-12
Montreal, QC
kudos:17
reply to Cartel

Happy New Year
Define sidebar. Do you mean Gadgets?



Lagz
Premium
join:2000-09-03
The Rock

said by siljaline:

Happy New Year
Define sidebar. Do you mean Gadgets?

»windows.microsoft.com/en-US/wind···overview
--
When somebody tells you nothing is impossible, ask him to dribble a football.


siljaline
I'm lovin' that double wide
Premium
join:2002-10-12
Montreal, QC
kudos:17
Reviews:
·Bell Sympatico

Thanks for the link. IIRC, gadgets and sidebar are long gone by way of extenuating issues on both for a good while.

Although there is a FixIt, the exploit is well explained here.



Oleg
Premium
join:2003-12-08
Birmingham, AL
kudos:2
reply to redwolfe_98

Microsoft did it again



siljaline
I'm lovin' that double wide
Premium
join:2002-10-12
Montreal, QC
kudos:17
Reviews:
·Bell Sympatico

said by Oleg:

Microsoft did it again

Did what again, or are you just poking fun?


Oleg
Premium
join:2003-12-08
Birmingham, AL
kudos:2

said by siljaline:

said by Oleg:

Microsoft did it again

Did what again, or are you just poking fun?

Screwed up again, in the security and stability field, unlike other software development companies like Mozilla and Opera in the browser industry. Microsoft did not just have one or two stability or security issues.


therube

join:2004-11-11
Randallstown, MD
Reviews:
·Comcast
·Verizon Online DSL

3 recommendations

reply to redwolfe_98

Symantec Finds the Hackers Behind Microsoft’s Latest Zero-Day Flaw

Microsoft Won’t Patch Critical IE Flaw on Tuesday

(This coming Tuesday, that is.)



Smokey Bear
veritas odium parit
Premium
join:2008-03-15
Annie's Pub
kudos:4

1 recommendation

reply to chachazz

said by chachazz:

Microsoft Security Advisory (2794220)

Vulnerability in Internet Explorer Could Allow Remote Code Execution
| Updated: Monday, December 31, 2012

Microsoft Fix it solution, "MSHTML Shim Workaround", that prevents exploitation of this issue

See Microsoft Knowledge Base Article 2794220 to use the automated Microsoft Fix it solution to enable or disable this workaround.

Here it is : Fix it for me - FixIt Solution

Thanks for posting the fix-it solution chachazz, however it seems that security firm Exodus Intelligence has managed to bypass the fix and compromise a fully-patched system...

Info here: »blog.exodusintel.com/2013/01/04/···12-4792/
--
»bit.ly/gUqYaH - C. Brian Smith: Think of the exclamation point as a car horn: a little goes a long way. Lay on it too hard and everyone’s going to think you’re a moron.


siljaline
I'm lovin' that double wide
Premium
join:2002-10-12
Montreal, QC
kudos:17
Reviews:
·Bell Sympatico

The Krebs Article that redwolfe_98 originally posted has the FixIt



Smokey Bear
veritas odium parit
Premium
join:2008-03-15
Annie's Pub
kudos:4

2 recommendations

said by siljaline :
Some slight duplication of effort never hurt anybody. Better than no information • voila


chachazz
Premium
join:2003-12-14
kudos:9
Reviews:
·TELUS

1 recommendation

reply to Smokey Bear

said by Smokey Bear:


Thanks for posting the fix-it solution chachazz, however it seems that security firm Exodus Intelligence has managed to bypass the fix and compromise a fully-patched system...

Info here: »blog.exodusintel.com/2013/01/04/···12-4792/

Absolutely essential info. Thank you very much Smokey Bear. Microsoft should be burning the midnight oil over this one.
quote:
After posting our analysis of the current 0day in Internet Explorer which was used in a watering hole style attack hosted on the Council for Foreign Relations website, we decided to take a look at the Fix It patch made available by Microsoft to address the vulnerability.

After less than a day of reverse engineering, we found that we were able to bypass the fix and compromise a fully-patched system with a variation of the exploit we developed earlier this week.

We have included details on the bypass to customers of our intelligence feeds and will notify Microsoft of the issue. In practice with coordinated vulnerability disclosure, we intend to update this post with details when Microsoft has addressed the problematic patch.


siljaline
I'm lovin' that double wide
Premium
join:2002-10-12
Montreal, QC
kudos:17
reply to Smokey Bear

Researchers Bypass Microsoft Fixit for IE Zero Day



chachazz
Premium
join:2003-12-14
kudos:9
Reviews:
·TELUS

1 recommendation

reply to Smokey Bear

SANS Internet Storm Center Diary
quote:

"FixIt" Patch for CVE-2012-4792 Bypassed
Published: 2013-01-04,
Last Updated: 2013-01-04 23:36:34 UTC
by Guy Bruneau (Version: 1)

On the 1 Jan 2013, Johannes posted a diary on a Microsoft FixIt made available for IE as a way of mitigating the CVE-2012-4792 zero day attack. Researchers at Exodus Intelligence reported today they have developed a new attack that bypasses the FixIt issued by Microsoft. They were able to bypass and compromise a fully-patched system using some variation of the exploit published this week.

You might want to take a second look at the diary published this week that is using EMET 3.5 as another tool to help defend your Windows systems against various attacks.

[1] »isc.sans.edu/diary.html?storyid=14788
[2] »blog.exodusintel.com/2013/01/04/···12-4792/
[3] »isc.sans.edu/diary.html?storyid=14797

-----------
»isc.sans.edu/diary.html?storyid=14824&rss=


antdude
A Ninja Ant
Premium,VIP
join:2001-03-25
United State
kudos:4
Reviews:
·Time Warner Cable
reply to therube

It could be one of those out of the bound (OOTB) releases.
--
Ant @ AQFL.net and AntFarm.ma.cx. Please do not IM/e-mail me for technical support. Use this forum or better, »community.norton.com ! Disclaimer: The views expressed in this posting are mine, and do not necessarily reflect the views of my employer.

slajoh01

join:2005-04-23

I don't get it.... Why do large corporations still use IE as their main browser instead of using Firefox or Chrome if IE is that bad?



Smokey Bear
veritas odium parit
Premium
join:2008-03-15
Annie's Pub
kudos:4

1 recommendation

reply to chachazz

said by chachazz:
You might want to take a second look at the diary published this week that is using EMET 3.5 as another tool to help defend your Windows systems against various attacks.

[3] »isc.sans.edu/diary.html?storyid=14797
Thanks chachazz, valuable info in your post. The use of EMET is highly recommendable and SANS explains very well.
--
»bit.ly/gUqYaH - C. Brian Smith: Think of the exclamation point as a car horn: a little goes a long way. Lay on it too hard and everyone’s going to think you’re a moron.


DevilFrank

join:2003-07-13
Reviews:
·T-Com

said by Smokey Bear:

said by chachazz:
You might want to take a second look at the diary published this week that is using EMET 3.5 as another tool to help defend your Windows systems against various attacks.

[3] »isc.sans.edu/diary.html?storyid=14797
Thanks chachazz, valuable info in your post. The use of EMET is highly recommendable and SANS explains very well.

But will it work on W8 properly? Can't find a version for it.
--
Regards from Germany. Please excuse my stumbling English


Smokey Bear
veritas odium parit
Premium
join:2008-03-15
Annie's Pub
kudos:4

1 recommendation

According to MS, EMET will not work with W8.



StuartMW
Who Is John Galt?
Premium
join:2000-08-06
Galt's Gulch
kudos:2

W8 has EMET (under another name?) built-in. Besides W8 comes with IE10 which isn't vulnerable.



StuartMW
Who Is John Galt?
Premium
join:2000-08-06
Galt's Gulch
kudos:2

1 edit

1 recommendation

reply to antdude

said by antdude:

It could be one of those out of the bound (OOTB) releases.

I think you mean Out Of Band

Out Of Bounds is usually sports related
--
Don't feed trolls--it only makes them grow!


trparky
Apple... YUM
Premium,MVM
join:2000-05-24
Cleveland, OH
kudos:2

Then Microsoft is wrong, I have EMET working on Windows 8 just fine.


slajoh01

join:2005-04-23

Why do large corporations still use IE as their main browser instead of using Firefox or Chrome if IE is that bad?

Also, If MS is not rolling out the patch on Tues, then we have two options basically. Use another browser, or upgrade to IE 9 and 10.

I am not upgrading to 9 or 10. They will have security flaws anyway... I'm seriously thinking about using FF as my main browser. I'm thinking of it very very much.

How about the rest of you? Are u guys willing to move to a different browser after this mess?