|
Microsoft just publish KB Article 980088 [1] in response to the recently announced vulnerability in Internet Explorer. Microsoft confirms that it is possible for a malicious website to read files from the clients computer. All versions of Windows and Internet Explorer appear to be affected. There is currently no patch for this problem. Microsoft advices users to set the Internet and Local Intranet security zone settings to "High". This will cause a prompt before running ActiveX Controlls and active scripting. The attacker needs to know the file name. However, a typical target for this vulnerability would be a configuration file which is typically located at a predictable location. [1] http://www.microsoft.com/technet/security/advisory/980088.mspx ------ |
Johannes 4479 Posts ISC Handler Feb 3rd 2010 |
| Thread locked Subscribe |
Feb 3rd 2010 1 decade ago |
|
"All versions of Windows and Internet Explorer appear to be infected."
You might want to change that to "affected"... |
e.b. 17 Posts |
| Quote |
Feb 3rd 2010 1 decade ago |
|
No, "infected" sounds better.
|
e.b. 6 Posts |
| Quote |
Feb 3rd 2010 1 decade ago |
|
Come on...vulnerable, not infected. What are you going to tell your end users, other than use a different browser?
|
Richard 4 Posts |
| Quote |
Feb 4th 2010 1 decade ago |
|
Thanks Eb, changed the diary.
|
Mark 392 Posts ISC Handler |
| Quote |
Feb 4th 2010 1 decade ago |
|
does anyone have snort signature for this ?
|
Mark 1 Posts |
| Quote |
Feb 4th 2010 1 decade ago |
|
I snorted when I read "All versions of Windows and Internet Explorer appear to be infected." but I'm guessing that's not what you're looking for. :)
|
Mark 12 Posts |
| Quote |
Feb 4th 2010 1 decade ago |
|
If you want the real info on this vulnerability go here:
http://www.coresecurity.com/content/internet-explorer-dynamic-object-tag It will actually give you some idea of what you are dealing with. |
NoLemmingsPlease 5 Posts |
| Quote |
Feb 5th 2010 1 decade ago |
|
The IE exploit will probably be delivered through heavily obfuscated javascript, so I imagine a Snort signature would be very difficult to write. HIPS/Endpoint protection products are probably better equiped to detect and block it.
|
Shawn 29 Posts |
| Quote |
Feb 5th 2010 1 decade ago |
Sign Up for Free or Log In to start participating in the conversation!
https://www.sans.edu
