Tuesday, September 25, 2012

BBC News: Browsers under attack

Ugly situation with with an ugly fix. hopefully a patch come out soon for this... Microsoft issues workaround for IE 0-day exploited in current attacks Posted on 18 September 2012. Microsoft has issued a security advisory with advice on how to patch a Internet Explorer zero-day vulnerability recently spotted being exploited in the wild by attackers that might be the same ones that are behind the Nitro attacks. The existence of the flaw and a working exploit for it has been revealed by security researcher and Metasploit contributor Eric Romang, who discovered it on 14 September while monitoring some of the infected servers used by the Nitro gang in the recent Java attacks. 


The Rapid7 team got right on it and created a module exploiting the vulnerability for the Metasploit exploit toolkit during the weekend, and advised IE users to switch to other browsers such as Chrome or Firefox until Microsoft patches the flaw security update becomes available. Microsoft has reacted fast by issuing a security advisory yesterday, in which it confirms the existence of the flaw in Internet explorer 9 and all previous versions (IE10 is not affected), and offers instructions on steps the users can take to mitigate - but not yet remove - the threat: Deploy the Enhanced Mitigation Experience Toolkit (EMET) and configure it for Internet Explorer Set Internet and Local intranet security zone settings to "High" to block ActiveX Controls and Active Scripting in these zones Configure Internet Explorer to prompt before running Active Scripting or to disable Active Scripting in the Internet and Local intranet security zone. These steps could bring additional problems to the users, such as being bombarded by a slew of security warnings, so until Microsoft releases a definitive patch for the hole, maybe it would be easier for IE users to take Rapid7's advice and switch to another browser for the time being

Microsoft warns on previously unseen IE bug

Microsoft has released a temporary software fix for a newly discovered bug in its Internet Explorer web browser.

The problem, which affects hundreds of millions of IE browser users, is being used by attackers to install the Poison Ivy trojan.

Iran confirms that a trojan attack has been found on some of its computer systemsThis piece of malware is used to steal data or take remote control of PCs.

Microsoft moved quickly to address the issue. In a blog post, it said that it was "working to develop a security update".

So-called zero-day, or newly discovered, vulnerabilities are rare. According to security firm Symantec, only eight such bugs were spotted in 2011.

Symantec research manager Liam O Murchu said they were dangerous to users because they were new.
"Any time you see a zero-day like this, it is concerning.

"There are no patches available. It is very difficult for people to protect themselves."

Alternative browsers:
The flaw was spotted by Luxembourg-based security expert Eric Romang, when his PC was infected by Poison Ivy last week.

Microsoft told users to download a free patch, the Enhanced Mitigation Experience Toolkit, as a temporary solution while the company continued to work on a long-term fix.

But experts warned the new software must be downloaded and manually configured, making it cumbersome for many ordinary users.

Some advised users to switch to alternative browsers, such as Google's Chrome or Mozilla's Firefox while the bug was being fixed.

It is expected that producing a proper update will take about a week.

No comments:

Post a Comment