Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: URL Update to Internet Explorer URL Handling Vulnerability SANS ISC InfoSec Forums

Watch ISC TV. Great for NOCs, SOCs and Living Rooms: https://isctv.sans.edu

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
URL Update to Internet Explorer URL Handling Vulnerability

Earlier this month, Microsoft published KB943521. This article acknowledged that third party software had to validate URLs before passing them to Internet Explorer, as Internet Explorer will not validate them. Today, Microsoft published an update to the advisory, suggesting limited exploitation of this vulnerability.

Microsoft does not appear to plan to fix the issue in Internet Explorer. Instead, it asks vendors releasing tools that pass URLs to Internet Explorer to validate them.

 Thanks to Chris and Gilbert to alert us of the update! Let us know if you see an exploit in the wild, or if you encounter any 3rd party applications which are not protecting Internet Explorer.

Links:

www.microsoft.com/technet/security/advisory/943521.mspx

blogs.technet.com/msrc/archive/2007/10/25/ msrc-blog-october-25th-update-to-security-advisory-943521.aspx

 

I will be teaching next: Defending Web Applications Security Essentials - SANS San Francisco Spring 2020

Johannes

3693 Posts
ISC Handler

Sign Up for Free or Log In to start participating in the conversation!