US CERT: STOP browsing with internet explorer.

why? and what to do now?

Autor: Jozef Džama

US CERT

The US Computer Emergency Readiness Team

US-CERT strives for a safer, stronger Internet for all Americans by responding to major incidents, analyzing threats, and exchanging critical cybersecurity information with trusted partners around the world.



What's the problem

Microsoft Internet Explorer contains a use-after-free vulnerability, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.

use-after-free vulnerability

Low-level inspection of the mentioned vulnerability places it into a class that accounts for a large number of recently-discovered IE exploits called “Use After Free”. Such vulnerabilities are usually caused by active JavaScript code embedded inside HTML files that allocate objects and reference them inside the context, only to afterwards free the memory location at which the object resides, without checking if the location still has variables pointing towards it.

back to our problem

This particular vulnerability is being exploited in the wild. Although no Adobe Flash vulnerability appears to be at play here, the Internet Explorer vulnerability is used to corrupt Flash content in a way that allows ASLR to be bypassed via a memory address leak. This is made possible with Internet Explorer because Flash runs within the same process space as the browser. Note that exploitation without the use of Flash may be possible.

Detailed Description

http://www.fireeye.com/blog/uncategorized/2014/04/new-zero-day-exploit-targeting-internet-explorer-versions-9-through-11-identified-in-targeted-attacks.html

Recommendations

  1. Unregistering VGX.DLL
  2. Some configurations of Internet Explorer
  3. US-CERT rarely goes as far as to recommend that Americans switch browsers - See more at: http://www.itnews.com/windows/77943/us-cert-americans-stop-browsing-ie#sthash.E8qL7M2m.dpufSwitching to anoth
    Switching to (another) web browser.

US-CERT rarely goes as far as to recommend that Americans switch browsers - See more at: http://www.itnews.com/windows/77943/us-cert-americans-stop-browsing-ie#sthash.E8qL7M2m.dpuf
US-CERT rarely goes as far as to recommend that Americans switch browsers - See more at: http://www.itnews.com/windows/77943/us-cert-americans-stop-browsing-ie#sthash.E8qL7M2m.dpuf
US-CERT rarely goes as far as to recommend that Americans switch browsers - See more at: http://www.itnews.com/windows/77943/us-cert-americans-stop-browsing-ie#sthash.E8qL7M2m.dpuf
US-CERT rarely goes as far as to recommend that Americans switch browsers - See more at: http://www.itnews.com/windows/77943/us-cert-americans-stop-browsing-ie#sthash.E8qL7M2m.dpuf

    my recommendation

    So which one would you choose?

    bibliography

    • http://www.itnews.com/windows/77943/us-cert-americans-stop-browsing-ie
    • http://www.computerworld.com/s/article/9246877/US_CERT_urges_XP_users_to_dump_IE
    • http://www.us-cert.gov/ncas/current-activity/2014/04/28/Microsoft-Internet-Explorer-Use-After-Free-Vulnerability-Being
    • http://www.kb.cert.org/vuls/id/222929
    • https://www.owasp.org/index.php/Using_freed_memory
    • http://blogs.ixiacom.com/ixia-blog/yet-another-internet-explorer-use-after-free-exploit/


    thank you for  attention.


    Questions?              

    US CERT: STOP browsing with internet explorer

    By Jozef Džamal Džama

    Made with Slides.com

    US CERT: STOP browsing with internet explorer

    • 690

    More from Jozef Džamal Džama