BeyondTrust

Security In Context

Bringing you news and commentary on solutions and strategies for protecting your critical IT infrastructure.

Land of the Rising IE 0day

Post by BeyondTrust Research Team September 17, 2013

A new Internet Explorer zeroday has surfaced that affects every supported version of Internet Explorer. It has been observed in the wild in targeted attacks in Japan. Current attacks are focusing on exploiting Internet Explorer 8 and 9 on Windows XP and 7 machines.

This is a use-after-free vulnerability in mshtml.dll, which is a DLL used by Windows to present HTML content to the user. The current exploitation vector relies on an extremely common Microsoft Office DLL, hxds.dll, which was compiled without address space layout randomization (ASLR) support. Attackers use DLLs like this to be able to more easily exploit a system, allowing them to execute arbitrary code at will.

To help mitigate this vulnerability, Microsoft has released a Fix it, which can be found here. Additionally, EMET 4.0 can be used to mitigate this vulnerability, as well as others.

Because the Fix it has been released, as well as a detailed blog post by Microsoft discussing the vulnerability, attackers will be able to deduce where the vulnerability lies, which greatly increases the likelihood of seeing this vulnerability exploited in areas outside of Japan. We expect to see this vulnerability incorporated into exploit frameworks in the near future.

The exploitation of this vulnerability is mitigated by built-in memory protections utilized by PowerBroker Endpoint Protection Platform, and is detected by Retina in the following audits:
30541 – Microsoft Internet Explorer MSHTML NULL_IMPORT_DESCRIPTOR (Zero-Day)
30542 – Microsoft Internet Explorer MSHTML NULL_IMPORT_DESCRIPTOR (Zero-Day) – x64

Tags:
,

Leave a Reply

Additional articles

Are you a Target? Investigating Security Breaches with Kevin Johnson

Last week, over 1,000 IT security professionals watched as Kevin Johnson, CEO of Secure Ideas, presented his expert opinion on lessons learned from recent, high-profile retail breaches. Here’s a summary of key takeaways from the webcast plus an on-demand recording of the full, 60-minute presentation. Understanding the “why” behind attacks According to Kevin, the primary…

Post by Chris Burd April 17, 2014
Tags:
, , , , ,

Vulnerability Expert Forum Highlights: April 2014

We had a great turnout for last week’s April 2014 Vulnerability Expert Forum (VEF) webcast. BeyondTrust Research experts, Carter and DJ, provided in-depth knowledge about the latest vulnerabilities and their potential impacts on network environments. Below are highlights from the Forum, plus an on-demand video of the presentation. Latest critical vulnerabilities, vendor patches, and zero-day…

Post by Chris Burd April 16, 2014
Tags:
, , , , ,
BI-5.1-user-asset-visibility-img

Understanding Who Has Access to What with BeyondInsight v5.1

Today, it’s my pleasure to introduce you to BeyondInsight version 5.1, the latest release of our IT Risk Management platform, which unifies several of our solutions for Privileged Account Management and Vulnerability Management. BeyondInsight v5.1 embodies BeyondTrust’s mission to give our customers the visibility they need to make smart decisions and reduce risk to their…

Post by Morey Haber April 15, 2014
Tags:
, , , , , , , , , , , ,