Threat Level: green Handler on Duty: Richard Porter

SANS ISC: InfoSec Handlers Diary Blog - Microsoft Releases Out-of-Band Advisory for all Versions of Internet Explorer InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Microsoft Releases Out-of-Band Advisory for all Versions of Internet Explorer

Published: 2013-09-17
Last Updated: 2013-09-17 18:28:56 UTC
by John Bambenek (Version: 1)
5 comment(s)

Microsoft just released an advisory on an Internet Explorer vulnerability that would allow for remote execution.  The report references public availability of details of his vulnerability.  The long story short, a targetted attack that gets a user to view a malicious webpage (or malicious content on an otherwise safe webpage) could lead to memory corruption that could execute arbitrary code with the permissions of the logged in user.  Two suggested actions are provided by Microsoft, apply the FixIt provided by Microsoft or deploy EMET 3.0/4.0 which provides generalized protection of memory (and probably not a bad idea to deploy anyway).  Note, the FixIt ONLY applies to 32-bit versions of Internet Explorer.

This post will be updated with more details as the situation warrants.

--
John Bambenek
bambenek \at\ gmail /dot/ com
Bambenek Consulting

5 comment(s)
Diary Archives