BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to Security in Context

Bringing you news and commentary on solutions and strategies for protecting critical IT infrastructure in the context of your business.

Internet Explorer 8 0day

Posted May 6, 2013    BeyondTrust Research Team

Last week, news broke that the U.S. Department of Labor’s (DoL) website was compromised… and that it had been serving up Internet Explorer 0day to its visitors. This 0day, CVE-2013-1347 (Retina Audit 19041 – Microsoft Internet Explorer 8 Remote Code Execution Vulnerability (Zero-Day)), only affects Internet Explorer 8 on Windows XP, Vista, and Windows 7 (as well as Server 2003, 2008, and 2008 R2). However, the exploit used on the U.S. Department of Labor website only targeted Windows XP machines. Here’s what else you need to know:

Metasploit module available, targeting Windows XP, Server 2003, Vista, and Windows 7 (PowerBroker Endpoint Protection Platform detects and defeats this module)

• Blocking/disabling Active Scripting in both Internet and intranet zones mitigates exploitation

• Highly likely this vulnerability will be used by exploit packs in the immediate future

• Vulnerability based on reliable use-after-free condition (mshtml!CGenericElement)

• Grants arbitrary code execution within the context of the currently logged on user (least privilege environment, anyone?)

So what can you do right now to protect your organization? If possible, use another browser like Chrome or Firefox, disable Active Scripting if you still have to use IE8, do not run as Administrator, and finally, upgrade – Internet Explorer 9 and 10 are not vulnerable to this issue.

Update 5-9-2013: Microsoft has released a Fix it for this 0day.

Tags:
, , , , , , ,

Leave a Reply

Additional articles

powerbroker-for-mac-diagram-small

PowerBroker for Mac: A Least-Privileged Apple a Day…

Posted July 27, 2015    Jason Silva

BeyondTrust PowerBroker for Mac reduces the risk of privilege misuse by enabling standard users on Mac OS X to perform administrative tasks successfully without entering elevated credentials.

Tags:
, ,
PrivilegedAccountManagement

On Demand Webinar – Now is the time for Privileged Account Management

Posted July 24, 2015    BeyondTrust Software

In this webinar, SANS Instructor and Founder of Voodoo Security, Dave Shackleford, will revisit several hacking and breach scenarios that involved privileged accounts, and use these as examples while discussing tools and tactics to get this problem under control once and for all.

Tags:
, ,
dave-shackleford-headshot

Privileged Account Management: The Time is Now

Posted July 22, 2015    Dave Shackleford

There’s plenty of problems we don’t have great options for in InfoSec today. Malware is a pain point that keeps evolving rapidly. 0-day exploits are tough to prepare for. Privileged account management? We got this. We know the root causes, we know how it manifests, we know how to get it under control effectively, and there are great technology solutions that are enterprise-class.

Tags:
, ,