
SANS ISC: Internet Explorer 8 0-Day Update (CVE-2013-1347) - SANS Internet Storm Center SANS ISC InfoSec Forums


Internet Explorer 8 0-Day Update (CVE-2013-1347)

Thanks to our reader Juha-Matti for pointing out that a Metasploit module was released to exploit the recent Internet Explorer 8 vulnerability. The vulnerability has also been assigned CVE-2013-1347.

Please let us know if you are running into exploits for this vulnerability.

------
Johannes B. Ullrich, Ph.D.
SANS Technology Institute
Johannes

3631 Posts
ISC Handler
5 days now since release of the advisory; no "FixIt", no date for a fix, no nothing from M$, XP users (over 1/3 of all users on the Web) hung out to dry. USE ANOTHER BROWSER all the time...
.
Jack

160 Posts
So this is still a targeted exploit as far as I can see, there are at least 3 other versions of IE available to users that aren't vulnerable, lowering user privileges reduces risk, A/V vendors are detecting (probably web filters too). I think there's enough risk mitigation options on this one...
IMFerret

10 Posts
Fixit now available: http://support.microsoft.com/kb/2847140
Updated with link to fixit page: http://technet.microsoft.com/en-us/security/advisory/2847140
Blog on Technet announcing fixit: http://blogs.technet.com/b/msrc/archive/2013/05/08/fix-it-for-security-advisory-2847140-is-available.aspx
FTWMike

24 Posts
Another reason to deploy EMET.
mbrownnyc

19 Posts
@mbrownnyc but the latest EMET requires the added risk (security & bad patches) of .NET 4.
FTWMike

24 Posts
Link to fix (KB2847204): http://www.microsoft.com/en-us/download/details.aspx?id=39031
FTWMike

24 Posts
