A French IT security firm recently warned of a new vulnerability that opens most versions of Microsoft Internet Explorer open to attack.
December 22, 2010
A French IT security firm recently warned of a new vulnerability that opens most versions of Microsoft Internet Explorer open to attack.Should a successful hack be launched, the attacker could circumvent many of the defenses available in both Windows Vista and Windows 7. The attacker could also run code of their choice on the target system.
To make the situation more pressing, the Metasploit project recently added an exploit to its database that successfully evades Microsoft's ASLR (Address Space Layout Randomization) and bypass DEP (Data Execution Prevention) defenses.
In an e-mail to InformationWeek, Microsoft noted that there is currently no indication that customers are being attacked. Late this evening, Microsoft's Security Research & Defense blog posted an update and mitigation guidance for the vulnerability.
Microsoft provided some details on the exploit:
"The Metasploit project recently published an exploit for this vulnerability using a known technique to evade ASLR (Address Space Layout Randomization) and bypass DEP (Data Execution Prevention).
In a few words, Internet Explorer loads mscorie.dll, a library that was not compiled with /DYNAMICBASE (thus not supporting ASLR and being located always at the same base) when processing some html tags. Attackers use these predictable mappings to evade ASLR and bypass DEP by using ROP (return oriented programming) gadgets from these DLLs in order to allocate executable memory, copying their shellcode and jumping into it. Note that without that predictable mapping, the only public ways to evade ASLR and DEP is through:
• Use of this (in case the current vulnerability allows) or another vulnerability as an information leak.
• Using techniques such as JIT-spraying or similar ones. Please note IE only JITs IE9's javascript and there are security mitigations in place. But third party plugins could JIT in an insecure manner.
"
The same post recommends users employ Enhanced Mitigation Experience Toolkit (EMET) to block the threat. According to Microsoft, by using EMET, the associated mandatory ASLR, Heap Spray pre-allocation, and EAT Filtering will all mitigate the risk associated with this attack.
Microsoft also has more information in Security Advisory 2488013.
For my security and technology tweets throughout the day, find me on Twitter.
About the Author(s)
You May Also Like
Securing Code in the Age of AI
April 24, 2024Beyond Spam Filters and Firewalls: Preventing Business Email Compromises in the Modern Enterprise
April 30, 2024Key Findings from the State of AppSec Report 2024
May 7, 2024Is AI Identifying Threats to Your Network?
May 14, 2024Where and Why Threat Intelligence Makes Sense for Your Enterprise Security Strategy
May 15, 2024
Black Hat USA - August 3-8 - Learn More
August 3, 2024Cybersecurity's Hottest New Technologies: What You Need To Know
March 21, 2024