IE Zero-Day Vulnerability

Microsoft Security Advisory 2963983 – Vulnerability in Internet Explorer Could Allow Remote Code Execution – TechNet

General Information

Executive Summary

Microsoft is aware of limited, targeted attacks that attempt to exploit a vulnerability in Internet Explorer 6, Internet Explorer 7, Internet Explorer 8, Internet Explorer 9, Internet Explorer 10, and Internet Explorer 11.

The vulnerability is a remote code execution vulnerability. The vulnerability exists in the way that Internet Explorer accesses an object in memory that has been deleted or has not been properly allocated. The vulnerability may corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user within Internet Explorer. An attacker could host a specially crafted website that is designed to exploit this vulnerability through Internet Explorer and then convince a user to view the website.

On completion of this investigation, Microsoft will take the appropriate action to protect our customers, which may include providing a solution through our monthly security update release process, or an out-of-cycle security update, depending on customer needs.

We are actively working with partners in our Microsoft Active Protections Program (MAPP) to provide information that they can use to provide broader protections to customers. For information about protections released by MAPP partners, see MAPP Partners with Updated Protections.

Microsoft continues to encourage customers to follow the guidance in the Microsoft Safety & Security Center of enabling a firewall, applying all software updates, and installing antimalware software.

Mitigating Factors:

  • By default, Internet Explorer on Windows Server 2003, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, and Windows Server 2012 R2 runs in a restricted mode that is known as Enhanced Security Configuration. This mode mitigates this vulnerability.

  • By default, all supported versions of Microsoft Outlook, Microsoft Outlook Express, and Windows Mail open HTML email messages in the Restricted sites zone. The Restricted sites zone, which disables script and ActiveX controls, helps reduce the risk of an attacker being able to use this vulnerability to execute malicious code. If a user clicks a link in an email message, the user could still be vulnerable to exploitation of this vulnerability through the web-based attack scenario.

  • An attacker who successfully exploited this vulnerability could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

  • In a web-based attack scenario, an attacker could host a website that contains a webpage that is used to exploit this vulnerability. In addition, compromised websites and websites that accept or host user-provided content or advertisements could contain specially crafted content that could exploit this vulnerability. In all cases, however, an attacker would have no way to force users to visit these websites. Instead, an attacker would have to convince users to visit the website, typically by getting them to click a link in an email message or Instant Messenger message that takes users to the attacker’s website.

More information is in the full article. There is no patch yet, but Microsoft has given some recommendations, which are easier to understand at Security Garden’s posting:

Recommendations

As illustrated in the “Security Research and Defense Blog” reference below, users of IE 10 and 11 should ensure they haven’t disabled Enhanced Protection Mode.

Another option is to install the Enhanced Mitigation Experience Toolkit (EMET). The recommended setting for EMET 4.1, available from KB Article 2458544, is automatically configured to help protect Internet Explorer. No additional steps are required.

See the Tech Net Advisory for instructions on changing the following settings to help protect against exploitation of this vulnerability:

  • Change your settings for the Internet security zone to high to block ActiveX controls and Active Scripting.

  • Change your settings to prompt before running Active Scripting or to disable Active Scripting in the Internet and Local intranet security zone.
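Here is a small PowerShell script I am adding here (it is not from the TechNet advisory or from Security Garden) that checks the current user’s Internet and Local intranet zone settings for the two items above, and optionally tightens them. It assumes the well-known, Microsoft-documented zone registry layout (zone 1 = Local intranet, zone 3 = Internet; value 1200 = run ActiveX controls and plug-ins, 1400 = Active Scripting; data 0 = Enable, 1 = Prompt, 3 = Disable).

```powershell
# Added example (not the advisory's or Security Garden's own instructions).
# Assumption: the per-user IE zone layout under HKCU described in the lead-in.
# Nothing is changed unless you pass -Harden.
param([switch]$Harden)

$zones   = @{ 1 = 'Local intranet'; 3 = 'Internet' }
$actions = @{ 1200 = 'ActiveX controls and plug-ins'; 1400 = 'Active Scripting' }
$meaning = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }
$base    = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones'

foreach ($z in $zones.Keys) {
    $key = Join-Path $base $z
    foreach ($a in $actions.Keys) {
        # Value names are the decimal numbers as strings, e.g. "1400".
        $name = [string]$a
        $cur  = (Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue).$name
        $label = if ($null -ne $cur -and $meaning.ContainsKey([int]$cur)) {
            $meaning[[int]$cur]
        } else {
            "unknown ($cur)"
        }
        # Prompt (1) or Disable (3) both stop silent execution; Enable (0) is what
        # the recommendations above want changed.
        $ok = ($cur -eq 1 -or $cur -eq 3)
        '{0,-15} {1,-30} {2,-12} {3}' -f $zones[$z], $actions[$a], $label, $(if ($ok) { 'OK' } else { 'EXPOSED' })
        if ($Harden -and -not $ok) {
            # Prompt keeps most sites usable; use 3 for the "High" (disabled) equivalent.
            Set-ItemProperty -Path $key -Name $name -Value 1 -Type DWord
        }
    }
}
```

If your zones are enforced by policy, the same values live under HKLM instead and this per-user check will not reflect them. Restart Internet Explorer after any change.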


Those still using Windows XP on the Internet, please be aware:

VERY IMPORTANT FOR ANY HOLD OUT WINDOWS XP USERS

This is the first of the security vulnerabilities that DOES NOT include workarounds for Windows XP. The oldest Windows versions noted as being affected are Windows Server 2003 SP2 and Vista SP2.

IMPORTANT NOTE: Once a Microsoft product’s support has expired — as is true now for Windows XP SP3 since April 8, 2014 — Microsoft no longer lists it as affected by the vulnerabilities being patched. Microsoft only lists Windows versions which are still under Mainstream Support or Extended Support. This has always been the case.

If anyone is still using Windows XP on the Internet (UNWISE!!), it is strongly recommended to block IE (Internet Explorer) from accessing the Internet through your software firewall*, and to use another browser like Firefox or Google Chrome, which will still be getting updates for a time.

* Any Windows XP users still on the Internet should at least have:

  • a hardware router with a stateful packet firewall;
  • a ‘real’ software firewall as well as a good AV program. Just one good choice that will continue to support Windows XP is ESET’s Smart Security, which is a very good antivirus and firewall. It is the one I use. It is not free. There are several free antivirus programs but not many free security suites;
  • Internet Explorer blocked through the ESET or other software firewall;
  • a 3rd-party browser like Mozilla Firefox with NoScript, Adblock Plus and WOT to help sort out safer search results on search engines, or Google Chrome with ScriptSafe, Adblock Plus and the WOT extension;
  • Java uninstalled entirely, and Adobe Flash kept religiously updated for Firefox as long as Adobe continues to provide updates. Google Chrome updates Flash within itself. You might want to switch from Adobe Reader to Sumatra PDF, which is a simple PDF viewer;
  • even more care than ever before about where you go. The bad guys will be looking with great anticipation for computers with expired Windows XP;
  • no risky behavior;
  • no banking … note that very soon banks will be disallowing expired Windows XP entirely anyway.

IMPORTANT: You cannot block a program from getting out to the Internet with the Windows XP Firewall. It is only a one-way firewall: it only monitors incoming Internet requests, instead of both directions as any real firewall, including the Windows 7 and Windows 8 built-in software firewalls, does.

Here’s a quote from a ZDNet article:

To those planning to stick resolutely with the aged Windows XP operating system even after Microsoft ends support next year, the advice from experts is simple: Don’t do it.

Again: I would strongly suggest you get a new computer, upgrade your computer if it can be upgraded to a modern, still-supported Windows such as Windows 7 or Windows 8, or get a Mac, or you could convert/upgrade the computer to Linux or use a Linux LiveCD to visit the Internet and still use Windows XP as a standalone computer that is NOT CONNECTED TO THE INTERNET.

If you need help with any of this, please contact your computer guru, join a forum like Scot’s Newsletter Forums – BATL (Bruno’s All Things Linux) to ask questions, or use the contact info on my website to contact me for some help.


Microsoft Patch Tuesday March 2013 – Flash and Java

Microsoft has released seven items in their Security Bulletin for March 2013. Most are for Microsoft Office, one is for Internet Explorer and two are for Windows itself.

NOTE: If you are using Windows 8, in addition to the other Microsoft Windows, Internet Explorer and Microsoft Office updates, you will also get a Flash update. Don’t forget that Flash is built into Internet Explorer in Windows 8, just like Flash is included with and updated by Google Chrome. What that means is that you do not have to keep Flash updated for those two browsers – IE 10 in Windows 8 and Google Chrome keep Flash updated for you.

More information at Security Garden blog.

You do still need to keep Flash updated for other browsers like Firefox and Opera, and Internet Explorer on earlier versions of Windows.

Also don’t forget that Oracle’s Java has had three, count them, three updates over the past month. Make sure/verify you are at the latest version of Java: Java 7 Update 17.


Flash Player Update Causes Firefox Crashes

Sources: SecurityGarden and GHacks

Due to the severity of the vulnerabilities, it is still recommended to upgrade, but then either disable the Flash plugin in Firefox (as noted in the Security Garden posting) or edit the mms.cfg file to set protected mode to 0, as noted in the GHacks article.

There is a third alternative, remove the Flash Player entirely or disable it in Firefox, then install and use Google Chrome which has a pretty good Adobe Flash sandboxing mode already — at least until Adobe gets this issue corrected for Firefox users.

There is more information at the Adobe page about this: Inside Flash Player Protected Mode for Firefox – Adobe

Oracle Java SE Update – Critical Update

Oracle Java SE Update – Security Garden

Oracle Java released an update to Java SE 6 and Java SE 7.

Edited to clarify: Included in the Oracle updates are eighty-eight (88) new critical security fixes across numerous Oracle products, listed in the Oracle Critical Patch Update Advisory. It is strongly advised that the update be installed for those products as soon as possible due to the threat posed by a successful attack.

More in the article.

Time to start checking Java.com for the updates from Oracle that contain the latest bug fixes for Java on your Windows, Solaris, and Linux operating systems. Linux users can also check their distros for these updates, and Mac users should start checking rigorously for updates to Java SE 6 from Apple.

NOTE: As of 10:37 AM EDT today, April 28, 2012, the Java website still shows Java SE 6, Update 31.

You will want to check the download links on Security Garden’s posting for the most recent updates. Or here on Oracle’s download page for Java SE Runtime Environment 6 Update 32 for Linux, Solaris, Windows (mainstream version that works with most applications). Mac OS X users still need to get their Java SE 6, Update 32 from Apple, so please keep checking!

Thanks for keeping us updated on Oracle’s Java status, Security Garden!

Scot’s Newsletter Forums Celebrating their 8th Year!

Hard to believe that it has been 8 years since Scot Finnie — who is now the Editor in Chief of Computerworld — started a little experimental forum, Scot’s Newsletter Forums! Eight years later, it is still going strong.

I remember when the forums first started. Many of us were there from the beginning, or very nearly so. We were subscribers of Scot’s Newsletter when Scot announced it to his subscribers.

I had been reading Scot Finnie’s articles since the old, now defunct WinMag days, and was saddened when they no longer published it. I lost track of Scot Finnie and a host of other writers for a time. I was very excited to hear about Scot Finnie and others who used to write for WinMag going on to have their own online/email newsletters and websites and finding them all over the place on the Internet.

The Scot’s Newsletter Forums has turned out to be a great place to gather and help each other with various computer-related issues and problems.

It’s a place where we SNF (Scot’s Newsletter Forums) “Highlanders” share our joys of success, and get help and understanding for our computer woes, and we have gained a level of friendship and community that is quite special, even among forums. I know that the SNF community literally reached out after the devastation of Hurricane Isabel, and physically and monetarily, as well as just emotional encouragement, helped us fix our roof — And I do mean physically. Some of the members who lived ‘near by’ actually traveled to our house with tools, materials and a willing spirit to help us put our roof back together. For those that wanted to help, but couldn’t come, they helped with providing funds to buy materials. It was a great blessing to us! And showed that even an Internet based community can be as real as any other community of neighbors, friends and family.

And all this while we work together on our various operating system situations, whether it be Windows (ATW), Mac (ATM), or Linux (BATL), and other areas.

To help us celebrate the 8th year of Scot’s Newsletter Forums, ESET and WinPatrol have teamed up to help make the celebration all the more special by offering licenses to their great products in two different contests!

We really appreciate their generosity!!

Check out Corrine’s Security Garden posting about SNF 8th Anniversary as well; with even more information.

Happy 8th Anniversary Scot’s Newsletter Forums! It has been a wonderful thing to be a part of such a great ‘experiment’. 🙂

Security alert: Active links in Messenger 2009 temporarily turned off to prevent a malicious worm

Security alert: Active links in Messenger 2009 temporarily turned off to prevent a malicious worm (InsideWindowsLive)

A particularly malicious worm (a self-replicating computer virus) is currently trying to spread itself through many of the world’s largest instant messaging and social networks, including Windows Live Messenger 2009. We’re very serious about protecting our customers, and are pursuing multiple avenues to help stop its progress. The worm spreads by inserting a link into an IM conversation with a person whose computer is already infected. When someone clicks the link, it opens in a browser, downloads the worm on the recipient’s computer, and then repeats this process.

It is spreading in Windows Live Messenger 2009 so Microsoft has disabled live/active links in messages.

Windows Live Messenger 2011 is not impacted, so if you use Messenger, I would strongly recommend upgrading to Windows Live Messenger 2011.

If you suspect that you are infected, download and run a quick scan with Microsoft’s Malicious Software Removal Tool (MRT). If you find anything, run a deep scan after the quick scan.

Thanks to Corrine through Scot’s Newsletter Forums and her blog, Security Garden, for calling this information to our attention.

Apple, Microsoft, Adobe, Firefox, more

Finally getting back to this blog! Sheesh, time sure gets away from ya!

iPad

The iPad looks great! But…

Why couldn’t Apple have done a Mac OS X tablet! Mac OS X really does just work, and it is still much more open than iPhone OS. I absolutely love my Mac, and I love my iPod Touch, but I wouldn’t want my iPod Touch’s iPhone OS on my Mac!

Apple’s new iPad is coming soon, already introduced by Steve Jobs in the keynote, but it is basically a tablet in the form of a larger iPod Touch: still no Flash player (but can you blame Apple for not including Flash? yes and no, LOL!) and, apparently, still only allowing a single app to run at a time.

Apple is also playing games with eBooks, their customers and retailers, basically saying that their fiddling will only mean that all eBooks will be the same price (albeit Apple’s higher pricing, worked out by playing games with the publishers) — kind of a reversal of what they did with the music labels, by the way.

EDIT (added this paragraph): Speaking of single apps only at a time like the iPhone OS … I remember the Windows 7 Starter on netbooks which restricted users to 3 concurrent apps at a time and people were very upset about it. (Thanks to @Blair_42 for reminding me about it. We talked about this on the JimmyLee and Bambi Show Saturday night on CNIRadio, or JimmyLee and I talked about it before the show…will have to go back and listen to the show to be sure LOL!)

… all instead of a Mac OS X tablet that would be able to do so much more, and be more open than the TOTALLY closed environment of the iPhone OS.

Don’t get me wrong, I love my iPod Touch, but it is not the venue I would want for a tablet computer.

Microsoft

Security Garden reports;

Microsoft released thirteen security bulletins addressing twenty-six vulnerabilities. Windows is affected by eleven of the bulletins and older versions of Office by the remaining two bulletins. Of the bulletins, the following are rated as Critical: MS10-006, MS10-007, MS10-008, MS10-013, and MS10-015.

Much more in the Security Garden article.

But this is after next to nothing in January, mind you.

And Researchers warn of likely attacks against Windows, PowerPoint;

Hackers will jump on several of the bugs Microsoft patched today

And of course, there’s also The Windows 7 honeymoon is over as well.

Joy…Windows XP is long in the tooth, Vista is a total dud, and now the only contender for Windows is Windows 7. I personally love Windows 7, but it does have some oddities that are quite annoying.

Flash

Back to the part about no Flash on the iPad: as I say, who can blame Apple’s decision on Flash when you have things like Adobe screw-up leaves Flash flaw unpatched for 16 months?

Firefox

Those that know me know that I highly suggest that folks use Firefox due to the lack of ActiveX and its related vulnerabilities, as well as the extension system, which has been very helpful: NoScript, Adblock Plus, MyWOT, and so many more wonderful extensions.

But there is the recent concern about Firefox Add-ons Infected;

Perhaps you read the Mozilla blog at http://blog.mozilla.com/addons/2010/02/04/please-read-security-issue-on-amo/ where it was revealed that two add-ons for Firefox were infected with Trojans. In this case the distribution was very small, so not many users were infected, but this type of attack is likely to grow.

And then there is the outright annoyance of HTML 5 and NO H.264 support in Firefox 3.6

Just when HTML 5 is finally breaking ground…We have Firefox 3.6, which supports HTML 5, but which is also a step backward in compatibility with video sites?! Huh?!

What good is HTML 5 support in Firefox if they take away H.264 support?! I understand ADDING Ogg Theora support, but removing H.264 support?

I applaud YouTube, Vimeo, Blip.TV, etc. (hopefully Hulu too), for going to a more open standard like HTML 5 (instead of Flash) for their delivery method of their video content, but they are staying with the same H.264 codec for the videos themselves.

So, why would Firefox, at this particular juncture, remove the ability to play H.264 from Firefox so all their Firefox 3.6 users (even on a computer with the proper codecs installed) get greeted with this:

[Screenshot: Firefox 3.6 and YouTube HTML 5 breakage]

Or is Flash the ONLY way to get H.264 compatibility?! Which would really stink big time.

I predict, sadly, that due to this major annoyance many will move from Firefox to browsers such as Google Chrome or Safari as their main browser, which also support HTML 5 but support H.264 as well.

I am very disappointed about this. And the only way to get around this is what, stay with Firefox 3.5.7? Brilliant move, Mozilla. And this from a Firefox user who has been thrilled with Firefox all the way since before it was Firefox, in the beta days. *Sigh*

Me? I don’t know. For general surfing, Firefox with the security addons that I use and other addons that make life easier, I may stay with Firefox. But now I will have to look elsewhere for video rendering of H.264 on all the video sites?!

More…

Oh, and apparently there may be some malware that is currently corrupting DNS or redirecting results for any of the built-in or toolbar search engines in both Firefox and Internet Explorer.

I am not sure which combination appears to do it, but one client got hit by malware (and removed it with Malwarebytes Antimalware), and found that even after the malware was gone — and BTW the hosts file was clean — they would get misdirected to bogus sites if they used the built-in search engine for Google or used the Yahoo Toolbar in both Firefox and Internet Explorer. However, correct results would appear when going directly to the search engine website like google.com, ixquick.com or yahoo.com. Very interesting.

Buying a new computer? Here’s some great information from Bits from Bill Pytlovany (creator of WinPatrol — great program by the way!) and the article has nothing to do with buying or using WinPatrol. 😉

Here’s the lead-in to his article over on the Bits from Bill blog:

Bits from Bill Pytlovany: Brand New Computer? Read Me First!

Did you think I was going to start out by telling you all to install WinPatrol as soon as you opened up your new computer? Guess again. I always try to write my articles from a different point of view and today may not be what you expect.

For the 2nd time I’ve had to return the Dell All-in-One Multi-Touch computer system that I’ve been dreaming about for months. The first unit had to go back because Dell shipped the wrong configuration. The 2nd system had to go back due to internal hardware failure. I should have known something was wrong when I could hear loose parts when I took the computer out of the box.

My point today is take a little time to ensure your brand new computer is everything it should be or you may be sorry. Before you install your favorite software on your brand new system I have a few recommendations.

Great article.

The Bits from Bill blog also has some great posts. One in particular is Who Gets Your Personal Information on Facebook?

Well that’s enough for today, I think…

EDIT: Added inline edit about concurrent apps