New Internet Explorer 0-day Vulnerability (Sept. 2012)

emet internet explorer
Martin Brinkmann
Sep 18, 2012
Internet Explorer, Security
|
17

Microsoft has published a security advisory today that is informing system administrators and end users about a new 0-day vulnerability affecting Internet Explorer 6, 7, 8 and 9 but not IE 10. The vulnerability is already actively exploited on the Internet which makes it a pressing matter for all Windows users who work with Internet Explorer.

The advisory itself does not reveal much about the vulnerability other than that its a remote code execution vulnerability that is giving the attacker the same rights as the logged in user if exploited successfully. Internet Explorer users need to actively visit a website or open an HTML page in the browser for the attack to be successful. A specially prepared web page or hacked website are two possible scenarios.

A remote code execution vulnerability exists in the way that Internet Explorer accesses an object that has been deleted or has not been properly allocated. The vulnerability may corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user within Internet Explorer. An attacker could host a specially crafted website that is designed to exploit this vulnerability through Internet Explorer and then convince a user to view the website.

Internet Explorer on Windows Server versions runs in restricted mode which mitigates the vulnerability. The same is true for Microsoft email clients such as Microsoft Outlook, as HTML emails are also opened in the restricted zone. HTML links on the other hand that open in Internet Explorer are still dangerous.

EMET, the Enhanced Mitigation Experience Toolkit, can be used to mitigate the vulnerability. You need to add Internet Explorer once you have installed the application. To do that you can either load one of the default configuration files or add iexplore.exe manually to the program.

emet internet explorer

Microsoft offers two additional mitigation workarounds.

  • Set Internet and Local intranet security zone settings to "High" to block ActiveX Controls and Active Scripting in these zones, and add sites you trust to the Trusted Sites zone
  • Configure Internet Explorer to prompt before running Active Scripting or to disable Active Scripting in the Internet and Local intranet security zone

You find detailed instructions on how to do that on the security advisory page. I have been running EMET on my systems ever since I discovered the application and have not experienced any issues doing so. Great program, definitely recommended.

In other news: while Internet Explorer 10 is not listed as vulnerable, it is still running a vulnerable Flash version. (thanks Ilev)

Advertisement

Related content

microsoft

Internet Explorer 11 is still not dead and will live another day
internet explorer to edge redirect

Last Call: Internet Explorer 11 to be Disabled Forever tomorrow
internet explorer to edge redirect

Internet Explorer will be disabled through a Microsoft Edge update in February 2023
internet explorer 11 disabled

Still using Internet Explorer 11 on Windows 10? It will be disabled in February 2023
internet explorer to edge redirect

Microsoft explains how it is retiring Internet Explorer
internet explorer to edge redirect

Microsoft: please stop using Internet Explorer before it runs out of support next month

Tutorials & Tips

How to verify link targets before you click on links

Open Pinned Sites In The Default Windows Browser

Why Websites Never Need Your Password


Previous Post: «
Next Post: «

Comments

  1. Tim said on October 11, 2012 at 7:50 am
    Reply

    I just read the following on a Windows Technet blog:
    “…we have tested EMET 3.0 on the Windows 8 Consumer Preview and it works great – we encountered no problems at all, so we encourage you to use EMET on all versions of Windows.”

    Can anyone think of a reason why Microsoft wouldn’t have installed EMET as standard on Windows 8?

    1. Martin Brinkmann said on October 11, 2012 at 8:48 am
      Reply

      Maybe because it has not been tested on the Windows 8 RTM, or there was not enough time to implement it natively into the operating system. I think it is very likely that we will see the tool being integrated into either Windows 8 soon or Windows 9.

  2. PixelWizard said on September 20, 2012 at 4:16 am
    Reply

    MS has now issued a ‘Fix it’ – a small bit of software -to repair IE so it’s usable again.

    See this tutorial which includes links to the Fix it (Microsoft Fixit 50939):

    http://dottech.org/81605/microsoft-releases-patch-for-internet-explorer-vulnerability-download-the-fix-now-to-stay-safe

  3. KRS said on September 19, 2012 at 9:06 pm
    Reply

    I’ve used IE several times this week before I heard about the vulnerability. Is there an easy way to find out whether I’ve been infected?

  4. Praveen said on September 19, 2012 at 12:46 pm
    Reply

    Its really harmful i have found some more information from here- http://www.hackersnewsbulletin.com/2012/09/zero-day-vulnerability-in-internet.html

  5. ilev said on September 19, 2012 at 8:49 am
    Reply

    German Government warns users to stay away from IE until Microsoft fix this hole.

    http://www.reuters.com/article/2012/09/18/us-microsoft-browser-idUSBRE88G1CA20120918

  6. Grantwhy said on September 19, 2012 at 3:25 am
    Reply

    I wonder if this might be the reason there was an update to Adobe Flash today? (and Adobe Shockwave)

    1. ilev said on September 19, 2012 at 8:52 am
      Reply

      No, they did not.

      http://helpx.adobe.com/flash-player/release-note/fp_114_air_34_release_notes.html

  7. ilev said on September 18, 2012 at 9:32 am
    Reply

    Martin,

    I would like to install EMET but am afraid it will break some of the security applications
    (anti-virus, Heuristic defense ….) on Windows 7. The latest stable version is 3.0 while
    version 3.5 is beta.

    1. Martin Brinkmann said on September 18, 2012 at 9:50 am
      Reply

      Ilev I have not noticed anything like that. Remember that you configure EMET to work explicitly with executables you specify and nothing else.

      1. ilev said on September 18, 2012 at 10:45 am
        Reply

        Thanks. Will consider.

  8. ilev said on September 18, 2012 at 9:00 am
    Reply

    While Microsoft doesn’t reveal much about the vulnerability, others have revealed that the
    vulnerability installs the “Poison Ivy” trojan.

    1. ilev said on September 18, 2012 at 9:15 am
      Reply

      More info regarding the vulnerability :

      https://community.rapid7.com/community/metasploit/blog/2012/09/17/lets-start-the-week-with-a-new-internet-explorer-0-day-in-metasploit

      1. Martin Brinkmann said on September 18, 2012 at 9:19 am
        Reply

        Ilev thanks for posting additional information.

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.

Advertisement

Spread the Word

Advertisement

Hot Discussions

Advertisement

Recently Updated

Latest from Softonic

Advertisement

About gHacks

Ghacks is a technology news blog that was founded in 2005 by Martin Brinkmann. It has since then become one of the most popular tech news sites on the Internet with five authors and regular contributions from freelance writers.

The name and logo of Ghacks are copyrights or trademarks of SOFTONIC INTERNATIONAL S.A.
Copyright SOFTONIC INTERNATIONAL S.A. © 2005- 2024 - All rights reserved