MS Security Advisory on IE Exploit Update 1

By on April 27, 2014 3:54:52 PM from JoeUser Forums JoeUser Forums

DrJBHL


 

A weekend blog post from MS about this. Not common at all.

This exploit would allow remote code execution if one visits an affected website, after browser compromise through email or even IM.

IE 10 and 11 are protected from this if they have “Enhanced Protection Mode” turned on. You are also protected if you have EMET 4.1 or 5.0 Tech Preview installed.

“Microsoft says that PC owners should always enable their personal firewall, make sure to have all of the latest software updates for their programs, and have all the most recent anti-virus and anti-malware definitions.

Finally, Microsoft said, " ... we encourage everyone to exercise caution when visiting websites and avoid clicking suspicious links, or opening email messages from unfamiliar senders." The blog did not have any information on when Microsoft will release a patch that will close this latest IE exploit.” – Neowin

 

Update 1:


MS has confirmed the security hole and workarounds - read more here:

http://www.neowin.net/news/microsoft-confirms-workarounds-for-internet-explorers-major-vulnerability


Source:

http://www.neowin.net/news/microsoft-issues-security-advisory-for-internet-explorer-exploit

50 Replies
April 27, 2014 5:05:47 PM from WinCustomize Forums WinCustomize Forums

Thanks Seth.  

April 27, 2014 5:12:10 PM from WinCustomize Forums WinCustomize Forums

e “Enhanced Protection Mode” turned on. Y

Screw 'em. I'm on XP/IE8

April 27, 2014 5:21:07 PM from Elemental Forums Elemental Forums

Thanks Seth.  Will check, don't remember if it's enhanced or not.  I don't browse with IE.... anyway.

April 27, 2014 5:38:06 PM from WinCustomize Forums WinCustomize Forums

The truth? I use Chrome...and I have EMET 4.1 - it's free from MS.

April 27, 2014 9:40:22 PM from WinCustomize Forums WinCustomize Forums

I use Chrome and never IE 'cause it's butfugly.

April 28, 2014 6:15:45 PM from WinCustomize Forums WinCustomize Forums

Has it yet been or can it be determined what systems would the attacks most likely be against (Government, Industry, Home Users)?  I want to apply the appropriate actions to prevent an attack on my system but I don't want to take unnecessary steps.  I have anti-virus and malware programs, each morning I check for updates.  I run full scans once a week and make backups, I also do quick scans every evening before turning off the computer. 

I have turned on Enhanced Protection Mode.

Would I be incorrect in expecting that sites such as Stardock/WinCustomize have already taken necessary and appropriate actions?

April 28, 2014 6:27:17 PM from WinCustomize Forums WinCustomize Forums

Philly:

The primary infection comes through email. Then the remote executing code comes in when infected websites are browsed.

It will act on ANY computer, and the damage done depends where the computer is/used for.

Homeland Security, IT experts and yours truly say: Do what you can to fix IE but SWITCH BROWSERS until MS patches IE.

April 28, 2014 6:57:05 PM from Elemental Forums Elemental Forums

Thanks seth, the dialog box was very counter intuitive.   

April 28, 2014 8:17:49 PM from Stardock Forums Stardock Forums

 

Running your computer system(s) from a 'least privilege' perspective (not using the 'admin' account and using the local security policy to lock down privileges further) is and always will be the single most important defensive tactic one can employ to combat malicious code execution (remote or otherwise).  Do yourselves a favour and reserve the 'admin' account for related 'admin duties' and browse/use the computer using a regular (limited privilege) account.  Honestly, every other type of 'precaution' one can think of (switching browsers, adding more security software, performing more scans etc. etc. etc.) combined don't amount to the level of overall system protection one garners through simply running one's PC with 'least privilege'.

 Of course applying any/all related security patches as they become available is always advisable.  No need to leave the barn door open....

@ Doc, as always.......thanks for the info! 

April 28, 2014 8:36:31 PM from WinCustomize Forums WinCustomize Forums

SF Chronicle story: The company is working on a fix which it plans to provide in a software update on May 13.

I didn't see anything about IM concerns. I wouldn't know since I don't IM anyone but curious now; is the IM application browser dependent?

April 28, 2014 8:44:21 PM from WinCustomize Forums WinCustomize Forums

@ the_Monk: You're not getting away with your cleverly disguised attempt to not prepare the article I want from you.

If you just do a paragraph or two per day, you'll finish with no strain, you know...

And I do agree that the best line of defense is the local and group security policies...so...we all continue to await your tutorial.

 

You're certainly welcome, the_Monk.



@ gmc2:

Quoting gmc2,

SF Chronicle story: The company is working on a fix which it plans to provide in a software update on May 13.

I didn't see anything about IM concerns. I wouldn't know since I don't IM anyone but curious now; is the IM application browser dependent.

IM concerns are the same as those for email, namely passing infected files which then compromise the browser (IE) and then, when the browser comes to an infected site, the remote access malware compromises the computer.

April 28, 2014 9:54:04 PM from WinCustomize Forums WinCustomize Forums
April 28, 2014 10:44:44 PM from WinCustomize Forums WinCustomize Forums

thanks for the clarification Doc.

April 29, 2014 1:13:30 PM from Stardock Forums Stardock Forums

Quoting DrJBHL,
@ the_Monk: You're not getting away with your cleverly disguised attempt to not prepare the article I want from you.

If you just do a paragraph or two per day, you'll finish with no strain, you know...

And I do agree that the best line of defense is the local and group security policies...so...we all continue to await your tutorial.

 

I've been thinking a lot about any 'write up' I could do about least privilege (I started it a few times even added screenshots to one of my attempts) but I kept coming to the realisation no matter how I approached things while the concept of least privilege can be applied to any OS and/or hardware configuration, the ways in which one might do this are so numerous and varied as to make any one 'guide' not a realistic approach.

There are of course a few very general 'least privilege' principles one can use to shape / change the way most of us may have been (or may still be) thinking with regard to our computer system use.

1.  As has been exhaustively pointed out on the internet for years; use of limited user accounts for day to day activities.

2.  Using file permissions to grant/deny access to files for different user accounts.  Of course keeping in mind that the default behaviour is often for child objects to inherit parent object permissions and that DENY permissions over-ride ALLOW.  Delving deeper into file-permissions etc. often has the happy side effect of helping to create a more streamlined digital filing system as well.

3.  Using the local security policies to enforce additional privilege requirements such as privileges for things like driver installation, access to external or network devices, denying local console and/or remote logon to certain accounts/groups etc. etc.  This is obviously not for anyone who doesn't have a grasp on it, however the internet does have significant resources with regard to (and examples of) using/configuring 'local system security policies'.

'Least Privilege' is when it comes down to it, a completely flexible and therefore never truly enforceable (through standards) approach to computing.  Even when setting up a home wireless network.  Instead of just using the 'quick setup' offered by most new routers, one should use the 'manual' approach and apply some 'least privilege' thinking.  For example.  Most new home routers allow for 'segregation' of the wireless network from internal LAN clients.  Why might this be important to someone?  You may have a 'home server' with personal media or other data on it, by simply segregating the wireless network from your internal LAN (you still share the same internet connection) you have applied 'least privilege' and maybe prevented someone getting access to personal data.
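
An added example, not part of the post above: a simplified Python model of the permission inheritance and deny/allow behaviour mentioned in point 2. It goes slightly beyond the post by showing the canonical entry ordering Windows uses, under which an explicit allow set on a child object is evaluated before a deny inherited from its parent. All names and permission bits are constructed for illustration.

```python
# Simplified model of Windows DACL evaluation (added example; names are hypothetical).
from dataclasses import dataclass

READ, WRITE = 0x1, 0x2  # constructed permission bits, not real Windows access masks

@dataclass(frozen=True)
class Ace:
    kind: str             # "allow" or "deny"
    trustee: str          # user or group name
    mask: int             # permission bits this entry covers
    inherited: bool = False

def inherit(parent_acl):
    """Entries a child object receives from its parent, flagged as inherited."""
    return [Ace(a.kind, a.trustee, a.mask, True) for a in parent_acl]

def canonical(acl):
    """Canonical order: explicit deny, explicit allow, inherited deny, inherited allow."""
    return sorted(acl, key=lambda a: (a.inherited, a.kind != "deny"))

def access_check(acl, identities, wanted):
    """Walk entries in order: a matching deny refuses, allows accumulate until all bits are granted."""
    remaining = wanted
    for ace in canonical(acl):
        if ace.trustee not in identities:
            continue
        if ace.kind == "deny" and ace.mask & remaining:
            return False
        if ace.kind == "allow":
            remaining &= ~ace.mask
            if remaining == 0:
                return True
    return False  # no entry granted the remaining bits: implicit deny

# Constructed sample: a folder that lets Users read and write but denies "guest" write.
FOLDER = [Ace("allow", "Users", READ | WRITE), Ace("deny", "guest", WRITE)]
GUEST = {"guest", "Users"}  # the account plus its group membership

def demo():
    child = inherit(FOLDER)                             # a file inside the folder
    override = child + [Ace("allow", "guest", WRITE)]   # explicit allow set on the file
    return {
        "folder_write": access_check(FOLDER, GUEST, WRITE),
        "folder_read": access_check(FOLDER, GUEST, READ),
        "child_write": access_check(child, GUEST, WRITE),
        "child_write_explicit_allow": access_check(override, GUEST, WRITE),
        "stranger_read": access_check(FOLDER, {"stranger"}, READ),
    }

if __name__ == "__main__":
    for name, granted in demo().items():
        print(f"{name}: {'granted' if granted else 'denied'}")
```

The last two results are the ones worth checking when auditing real permissions: an explicit allow lower in the tree can undo an inherited deny, and an account with no matching entry gets nothing.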

 

April 29, 2014 1:37:36 PM from WinCustomize Forums WinCustomize Forums

Another security point might be Disk encryption...

But the router point is well taken. Will try and get some better understanding of least privilege.


Just noticed that local group policies can't be edited in W7 Home Premium. 

April 29, 2014 1:55:05 PM from Stardock Forums Stardock Forums

Quoting DrJBHL,
Just noticed that local group policies can't be edited in W7 Home Premium.   

 

That is correct.  Only the PRO versions of MS Windows 7 allow for editing of the policies.

April 29, 2014 2:13:49 PM from WinCustomize Forums WinCustomize Forums

The University of South Carolina has come up with a unique fix for IE.

Today they removed IE from ALL employee computers. They have told the employees they may use Firefox or Chrome instead.

At first I thought it was just one department's IT that was doing this but apparently ALL the IT departments were told by the main USC IT to remove IE from all computers.

April 29, 2014 2:20:29 PM from WinCustomize Forums WinCustomize Forums

Probably a good local policy.

April 29, 2014 2:49:08 PM from WinCustomize Forums WinCustomize Forums

Quoting PoSmedley,
use Firefox or Chrome
Which has its own vulnerabilities. Other browsers are NOT "immune" to exploits. I wasn't aware IE could be removed from the OS, just disabled. WU depends on it, for one thing.

Arm-waving tinhat paranoia. More reading, if y'all have time for that.

"The bottom line is a combination of bias, lack of education, sheep mentality and the want to rush a story out, especially if it affects a lot of people along with words you can scare them with."

http://www.majorgeeks.com/news/story/stop_telling_people_that_removing_internet_explorer_will_make_them_safe(r).html

April 29, 2014 3:12:18 PM from WinCustomize Forums WinCustomize Forums

I'm from the mindset that unfortunately folks tend to forget applying common sense to the use of computers and usually wind up reacting instead of acting.  We will all come up with our own opinions on IT Threats, the key is not losing our wits over them.  I think of it as much like taking a walk around the block you in live on, each time you go out you can and more than likely come across different things you should avoid, the occasional unleashed dog, the person at the corner with their hands in their pocket, etc.  You don't stop taking your walk, you just apply common sense.     

April 29, 2014 3:27:38 PM from Stardock Forums Stardock Forums

 

Quoting Philly0381,
We will all come up with our own opinions on IT Threats,
 

Yeah well 'least privilege' goes more to one's overall 'approach' to computing rather than just being an opinion regarding threats etc.   Unfortunately that approach / stance towards computing hasn't yet become common sense for many!  

 

 

Quoting Philly0381,
I think of it as much like taking a walk around the block you in live on, each time you go out you can and more than likely come across different things you should avoid,

Ummm.........where are you going for walks Philly?   I can't remember the last time I came home from a nice little neighborhood walk having noted something else to avoid.       Well ok maybe if you count the odd pile of doggy-doo some careless owner failed to pick up, but then if I spot such an infraction (I usually have more than one bag with me anyway) I'll pick it up and dispose of it properly anyway. 

April 29, 2014 4:56:52 PM from WinCustomize Forums WinCustomize Forums

Quoting Wizard1956,
Which has its own vulnerabilities. Other browsers are NOT "immune" to exploits. I wasn't aware IE could be removed from the OS, just disabled. WU depends on it, for one thing.

I'm confused. Windows Update is in the control panel. How does it rely on IE?

April 29, 2014 5:07:46 PM from WinCustomize Forums WinCustomize Forums

Quoting kona0197,
How does it rely on IE?
 it uses the IE engine. I'm not going to explain how your computer works. Do your own googling.

Hint. Open WU in XP. You will see that IE is being used.
