dslreports logo
site
 
    All Forums Hot Topics Gallery
spc

spacer




how-to block ads


Search Topic:
uniqs
4863
share rss forum feed


chachazz
Premium
join:2003-12-14
kudos:9
Reviews:
·TELUS

1 recommendation

reply to Smokey Bear

Re: IE Zero-Day

SANS Internet Storm Center Diary
quote:

"FixIt" Patch for CVE-2012-4792 Bypassed
Published: 2013-01-04,
Last Updated: 2013-01-04 23:36:34 UTC
by Guy Bruneau (Version: 1)

On the 1 Jan 2013, Johannes posted a diary on a Microsoft FixIt made available for IE as a way of mitigating the CVE-2012-4792 zero day attack. Researchers at Exodus Intelligence reported today they have developed a new attack that bypasses the FixIt issued by Microsoft. They were able to bypass and compromised a fully-patched system using some variation of the exploit published this week.

You might want to take a second look at the diary published this week that is using EMET 3.5 as another tool to help defend your Windows systems against various attacks.

[1] »isc.sans.edu/diary.html?storyid=14788
[2] »blog.exodusintel.com/2013/01/04/···12-4792/
[3] »isc.sans.edu/diary.html?storyid=14797

-----------
»isc.sans.edu/diary.html?storyid=14824&rss=


antdude
A Ninja Ant
Premium,VIP
join:2001-03-25
United State
kudos:4
Reviews:
·Time Warner Cable
reply to therube

It could be one of those out of the bound (OOTB) releases.
--
Ant @ AQFL.net and AntFarm.ma.cx. Please do not IM/e-mail me for technical support. Use this forum or better, »community.norton.com ! Disclaimer: The views expressed in this posting are mine, and do not necessarily reflect the views of my employer.

slajoh01

join:2005-04-23

I dont get it....Why do large corporations still use IE as their main browser instead of using Firefox or Chrome if IE is that bad?



Smokey Bear
veritas odium parit
Premium
join:2008-03-15
Annie's Pub
kudos:4

1 recommendation

reply to chachazz

said by chachazz:
You might want to take a second look at the diary published this week that is using EMET 3.5 as another tool to help defend your Windows systems against various attacks.

[3] »isc.sans.edu/diary.html?storyid=14797
Thanks chachazz See Profile, valuable info in your post. The use of EMET is highly recommendable and SANS explains very well.
--
»bit.ly/gUqYaH - C. Brian Smith: Think of the exclamation point as a car horn: a little goes a long way. Lay on it too hard and everyone’s going to think you’re a moron.


DevilFrank

join:2003-07-13
Reviews:
·T-Com

said by Smokey Bear:

said by chachazz:
You might want to take a second look at the diary published this week that is using EMET 3.5 as another tool to help defend your Windows systems against various attacks.

[3] »isc.sans.edu/diary.html?storyid=14797
Thanks chachazz See Profile, valuable info in your post. The use of EMET is highly recommendable and SANS explains very well.

But will it work on W8 properly? Can´t find a version for it.
--
Regards from Germany. Please excuse my stumbling English


Smokey Bear
veritas odium parit
Premium
join:2008-03-15
Annie's Pub
kudos:4

1 recommendation

According to MS, EMET will not work with W8.



StuartMW
Who Is John Galt?
Premium
join:2000-08-06
Galt's Gulch
kudos:2

W8 has EMET (under another name?) built-in. Besides W8 comes with IE10 which isn't vulnerable.



StuartMW
Who Is John Galt?
Premium
join:2000-08-06
Galt's Gulch
kudos:2

1 edit

1 recommendation

reply to antdude

said by antdude:

It could be one of those out of the bound (OOTB) releases.

I think you mean Out Of Band

Out Of Bounds is usually sports related
--
Don't feed trolls--it only makes them grow!


trparky
Apple... YUM
Premium,MVM
join:2000-05-24
Cleveland, OH
kudos:2

Then Microsoft is wrong, I have EMET working on Windows 8 just fine.


slajoh01

join:2005-04-23

Why do large corporations still use IE as their main browser instead of using Firefox or Chrome if IE is that bad?

Also, If MS is not rolling out the patch on Tues, then we have two options basically. Use another browser, or upgrade to IE 9 and 10.

I am not upgrading to 9 or 10. They will have security flaws anyway...Im seriously thinking about using FF as my main browser. Im thinking of it very very much.

How about the rest of you? Are u guys willing to move to a different browser after this mess?



Oleg
Premium
join:2003-12-08
Birmingham, AL
kudos:2

Exactly. There is no point of upgrading to IE 9 or 10. Thing is a lot of companies have a crazy policy that does not allow to go with any other browser, but freaking IE.


slajoh01

join:2005-04-23

1 edit

And do people or users know if they have been attacked from this exploit? What are the signs and symtoms?

Ok, then let me ask this to everyone.
For those of u here who have always have been a fan of IE or has or is still using IE as their main browser, are u considering to use another browser?

The reason I like IE, because I can lock it down using the Group Policy editor. Firefox does not have this kind of "granular" control.
And thats perhaps one of the reasons why System Admins prefer to use IE at most companies.

Until MS rolls out this fix or patch, I will use FF instead....in the meantime.



antdude
A Ninja Ant
Premium,VIP
join:2001-03-25
United State
kudos:4
Reviews:
·Time Warner Cable
reply to StuartMW

said by StuartMW:

said by antdude:

It could be one of those out of the bound (OOTB) releases.

I think you mean Out Of Band

Out Of Bounds is usually sports related

DOH! You're right. Dang sports.
--
Ant @ AQFL.net and AntFarm.ma.cx. Please do not IM/e-mail me for technical support. Use this forum or better, »community.norton.com ! Disclaimer: The views expressed in this posting are mine, and do not necessarily reflect the views of my employer.

daveinpoway
Premium
join:2006-07-03
Poway, CA
kudos:2

A security researcher has found a way to bypass Microsoft's temporary "fix":»www.computerworld.com/s/article/···13-01-07



chachazz
Premium
join:2003-12-14
kudos:9
Reviews:
·TELUS

said by daveinpoway:

A security researcher has found a way to bypass Microsoft's temporary "fix"n

Info posted by Smokey Bear See Profile (on page 2)
»Re: IE Zero-Day


trparky
Apple... YUM
Premium,MVM
join:2000-05-24
Cleveland, OH
kudos:2
reply to StuartMW

EMET does indeed work with Windows 8. I have it protecting Firefox on my Windows 8 installation.



StuartMW
Who Is John Galt?
Premium
join:2000-08-06
Galt's Gulch
kudos:2

said by trparky:

EMET does indeed work with Windows 8.

That wasn't my point BTW. I thought W8 included some version of EMET out of the box.
--
Don't feed trolls--it only makes them grow!


trparky
Apple... YUM
Premium,MVM
join:2000-05-24
Cleveland, OH
kudos:2

Maybe, I don't know.



trparky
Apple... YUM
Premium,MVM
join:2000-05-24
Cleveland, OH
kudos:2

ASLR and exploit mitigations
Address Space Layout Randomization (ASLR) was introduced in Windows Vista and is essentially a technique to mitigate the infamous “Buffer Overrun” vulnerabilities by randomly moving the location of code and data in memory. In Windows 8 randomization is increased in order to foil known techniques for bypassing ASLR. Other mitigations include changes to the Windows kernel and heap, including new integrity checks and randomization using a similar approach to ASLR. Internet Explorer 10 will also benefit from these changes: besides including an “Enhanced Protected Mode” sandbox, there will be a “ForceASLR” option in IE10 that can randomize all modules loaded into memory by the browser, regardless if those modules did not opt in to use ASLR protection (developers can create modules that take advantage of ASLR protection by using the optional /DYNAMICBASE flag).

EMET provides much more than that.
--
Tom
Boycott AT&T uVerse! | Tom's Android Blog | AOKP (The Android Open Kang Project)



StuartMW
Who Is John Galt?
Premium
join:2000-08-06
Galt's Gulch
kudos:2

1 recommendation

Well regardless XP/Vista/Win7 users would be well served by installing/configuring it. Win8 I'm not sure.
--
Don't feed trolls--it only makes them grow!



chachazz
Premium
join:2003-12-14
kudos:9
reply to redwolfe_98

Internet Explorer zero-day exploit found on more websites.
»nakedsecurity.sophos.com/2013/01···ebsites/



chachazz
Premium
join:2003-12-14
kudos:9
reply to trparky

Internet Explorer 9 and 10 are not vulnerable to this exploit.


slajoh01

join:2005-04-23

Where I work, we still use IE 8. What should companies urge to do in the meantime while MS decides to roll up the patch for this?

We cannot upgrade to IE 9 or 10.

And also, we not allowed to use Firefox and other browsers either.

The workarounds explained on the MS site, is to extend the Internet/Intranet Security zones to HIGH, and thats no good for the users because IE is then worthless to use....unless adding those sites in the Trusted Zones.

And also, even though if MS decides to roll out the patch on Tuesday, our IT department has to still then delay the patch deployment for about a week in order to test it with our applications.

So what should companies like this do in this case if this is a huge exploit???



trparky
Apple... YUM
Premium,MVM
join:2000-05-24
Cleveland, OH
kudos:2

EMET would be the best bet in that kind of situation.

Expand your moderator at work


therube

join:2004-11-11
Randallstown, MD
reply to redwolfe_98

Re: IE Zero-Day

"... Even though a security company has revealed that it had managed to bypass Microsoft’s one-click “Fix it” solution for Internet Explorer 8 and older, the Redmond-based software firm says that users are fully protected if they deploy the patch.

“We’ve reviewed the information and are working on an update, which we will make available to all customers on IE6-8 as soon as it is ready for distribution,” said Dustin Childs, group manager, Microsoft Trustworthy Computing, according to ThreatPost.

“In the meantime, the current Fix it, mitigations and workarounds available in Security Advisory 2794220 fully protect against all known active attacks. We also continue to encourage customers to upgrade their browsers to IE9-10, which are not affected by this issue.”

While Internet Explorer 9 and Internet Explorer 10 are not affected by the issue, security vendors across the globe are confirming that more websites have been compromised in order to exploit the flaw.

“The whole point of the waterhole tactic is that they believe such sites, although usually not with high numbers of users, will have interesting visitors,” said Jindrich Kubec, Avast Virus Lab’s director of Threat Intelligence. “At least two of the sites use the same spyware binary with exactly same configuration. The rest look a bit different, but we haven’t investigated it thoroughly yet.”..."

»news.softpedia.com/news/Microsof···47.shtml



Oleg
Premium
join:2003-12-08
Birmingham, AL
kudos:2
reply to redwolfe_98

Just checked Windows Updates, and 9 security updates were listed.


slajoh01

join:2005-04-23

3 edits

1 recommendation

Will MS ever roll out this patch in the near future for IE 8?

Thanks!!!



Blackbird
Built for Speed
Premium
join:2005-01-14
Fort Wayne, IN
kudos:3
Reviews:
·Frontier Communi..

1 recommendation

reply to redwolfe_98

As with all software patches, from all sources, they'll roll out a patch when and if they're ready. First they have to determine the scope of the causal factors, then find fixes that don't break things, then test against all manner of system setups. Each step takes time to be done properly, and little can be accomplished by trying to do the steps in parallel.
--
“The American Republic will endure until the day Congress discovers that it can bribe the public with the public's money.” A. de Tocqueville



antdude
A Ninja Ant
Premium,VIP
join:2001-03-25
United State
kudos:4
Reviews:
·Time Warner Cable

said by Blackbird:

As with all software patches, from all sources, they'll roll out a patch when and if they're ready. First they have to determine the scope of the causal factors, then find fixes that don't break things, then test against all manner of system setups. Each step takes time to be done properly, and little can be accomplished by trying to do the steps in parallel.

Yep, don't rush them. We don't want a buggy release.
--
Ant @ AQFL.net and AntFarm.ma.cx. Please do not IM/e-mail me for technical support. Use this forum or better, »community.norton.com ! Disclaimer: The views expressed in this posting are mine, and do not necessarily reflect the views of my employer.