Threat Level: green Handler on Duty: Pasquale Stirparo

SANS ISC: InfoSec Handlers Diary Blog - Internet Storm Center Diary 2015-08-18 InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Microsoft Security Bulletin MS15-093 - Critical OOB - Internet Explorer RCE

Published: 2015-08-18
Last Updated: 2015-08-19 05:41:24 UTC
by Russ McRee (Version: 1)
14 comment(s)

Security Update for Internet Explorer (3088903)

Recommendation: Test and patch ASAP

Mitigation option: EMET 5.2 configured to protect Internet Explorer (defautlt) is able to block the known exploit

Related Bulletin and KBs: 

https://technet.microsoft.com/library/security/MS15-093

https://support.microsoft.com/en-us/kb/3087985
https://support.microsoft.com/en-us/kb/3081444
https://support.microsoft.com/en-us/kb/3088903

Executive Summary

"This security update resolves a vulnerability in Internet Explorer. The vulnerability could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited this vulnerability could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
This security update is rated Critical for Internet Explorer 7 (IE 7), Internet Explorer 8 (IE 8), Internet Explorer 9 (IE 9), Internet Explorer 10 (IE 10), and Internet Explorer 11 (IE 11) on affected Windows clients, and Moderate for Internet Explorer 7 (IE 7), Internet Explorer 8 (IE 8), Internet Explorer 9 (IE 9), Internet Explorer 10 (IE 10), and Internet Explorer 11 (IE 11) on affected Windows servers. For more information, see the Affected Software section.
The security update addresses the vulnerability by modifying how Internet Explorer handles objects in memory.
For more information about this update, see Microsoft Knowledge Base Article 3088903."

Vulnerability Information

"An attacker could host a specially crafted website that is designed to exploit this vulnerability through Internet Explorer, and then convince a user to view the website. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements by adding specially crafted content that could exploit this vulnerability. In all cases, however, an attacker would have no way to force users to view the attacker-controlled content. Instead, an attacker would have to convince users to take action, typically by getting them to click a link in an instant messenger or email message that takes users to the attacker's website, or by getting them to open an attachment sent through email.
An attacker who successfully exploited this vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Systems where Internet Explorer is used frequently, such as workstations or terminal servers, are at the most risk from this vulnerability."

See bulletin for all affected software 

Russ McRee | @holisticinfosec

 

14 comment(s)
Diary Archives