

IE Zero-Day Vulnerability, Security Advisory 2963983


20 replies to this topic

#1 OFFLINE   Corrine

Corrine

    The Mystical Rose

  • Forum Admins
  • 4,111 posts

Posted 27 April 2014 - 01:19 PM

Microsoft released Security Advisory 2963983 which relates to a vulnerability in Internet Explorer.

With the vulnerability, an attacker could cause remote code execution if someone visited a malicious website with an affected browser. Generally, this would occur by an attacker convincing someone to click a link in an email or instant message.

Although the vulnerability affects all versions of IE, at this time, Microsoft is aware of limited, targeted attacks, in which the exploit observed appears to target IE9, IE10 and IE11.

Recommendations are available in Microsoft Security Advisory 2963983 as well as my blog post, Security Advisory 2963983, IE Zero-Day Vulnerability which includes additional references.

Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

#2 OFFLINE   LilBambi

LilBambi

    Australisches Googler

  • Forum Admins
  • 22,513 posts

Posted 27 April 2014 - 04:45 PM


Those still using Windows XP on the Internet, please be aware:


VERY IMPORTANT FOR ANY HOLD OUT WINDOWS XP USERS


This is the first of the security vulnerabilities that DOES NOT include workarounds  for Windows XP. The oldest Windows noted as being affected are: Windows Server 2003 SP2 and Vista SP2.


IMPORTANT NOTE: Once a Microsoft product's support has expired -- as is true now about Windows XP SP3 since April 8, 2014 -- Microsoft no longer lists it as affected by the vulnerabilities being patched. Microsoft only lists Windows versions which are still under Mainstream Support or Extended Support. This has always been the case.


If anyone is still using Windows XP on the Internet (UNWISE!!), it would be strongly recommended to disallow IE (Internet Explorer) access to the Internet through your software firewall*, and use another browser like Firefox and Google Chrome which will still be getting updates for a time.


* Any Windows XP users still on the Internet should at least have:
  • a hardware router with Stateful Packet Firewall
  • should be using a 'real' software firewall as well as a good AV program. Just one good choice that will continue to support Windows XP is ESET's Smart Security which is a very good antivirus and firewall. It is the one I use. It is not free. There are several free antivirus programs but not many free security suites.
  • block Internet Explorer through the ESET or other software firewall.
  • should be using a 3rd party browser like Mozilla Firefox with NoScript, Adblock Plus and WOT to help sort out safer search results on search engines, or Google Chrome with ScriptSafe, Adblock Plus and WOT Extension.
  • uninstall Java entirely, keep Adobe Flash religiously updated for Firefox as long as Adobe continues to provide them. Google Chrome updates Flash within itself. Might want to switch from Adobe Reader to Sumatra PDF reader which is a simple PDF viewer.
  • need to be even more careful than ever before about where you go. The bad guys will be looking with great anticipation for computers with expired Windows XP.
  • no risky behavior
  • no banking ... note very soon banks will be disallowing expired Windows XP entirely anyway.

IMPORTANT: You cannot block a program from getting out to the Internet with the Windows XP Firewall. It is only a one way firewall. It only monitors incoming Internet requests, instead of both ways as any real firewall including Windows 7 and Windows 8 built-in software firewalls do.


Here's a quote from a ZDNet article:


To those planning to stick resolutely with the aged Windows XP operating system even after Microsoft ends support next year, the advice from experts is simple: Don't do it.


Again: I would strongly suggest you get a new computer, upgrade your computer if it can be upgraded to a modern/still supported Windows such as Windows 7 or Windows 8, or get a Mac, or you could  convert/upgrade the computer to Linux or use a Linux LiveCD to visit the Internet and still use Windows XP as a standalone NOT CONNECTED TO THE INTERNET computer.


This was part of my posting today here.

Bambi
AKA Fran

My Public Key for Email :: BambisMusings Blog :: Fran's Computer Services Blog :: MyPassionIsBooks Blog :: 5BuckReview :: CNIRadio
"The Net interprets censorship as damage and routes around it." ~John Gilmore (Time Magazine, Dec 6, 1993)

#3 OFFLINE   raymac46

raymac46

    Discussion Deity

  • Forum MVP
  • 3,412 posts

Posted 27 April 2014 - 05:47 PM

Good advice in the link about converting to Linux. However I still believe that installing and configuring an operating system is beyond the capabilities of the average XP refugee. It takes some help from a Linux advocate.
As far as using LM 13 good idea unless your "client" decides on the newest HP printer - in which case be ready to install the latest HPLIP and hope that an "update" doesn't revert to an older version and hose your printing capability. Printers are a must for older folks as they want paper documentation. Right now I have a lady in this situation and I am waiting for LM 17 so that I can fix her up for a few years.

Edited by raymac46, 27 April 2014 - 05:47 PM.


Registered Linux User 445659

#4 OFFLINE   Corrine

Corrine

    The Mystical Rose

  • Forum Admins
  • 4,111 posts

Posted 28 April 2014 - 08:21 PM

Microsoft Internet Explorer Use-After-Free Vulnerability Guidance | US-CERT

Quote

US-CERT recommends that users and administrators review Microsoft Security Advisory 2963983 for mitigation actions and workarounds. Those who cannot follow Microsoft's recommendations, such as Windows XP users, may consider employing an alternate browser.

UK Government officials have also advised using an alternate browser:  UPDATE 2-US, UK advise avoiding Internet Explorer until bug fixed: Thomson Reuters Business News - MSN Money

Google Chrome and Mozilla Firefox (as well as Pale Moon) run on Windows XP and will receive security fixes until at least April 2015.

#5 OFFLINE   LilBambi

LilBambi

    Australisches Googler

  • Forum Admins
  • 22,513 posts

Posted 28 April 2014 - 11:07 PM

raymac46, on 27 April 2014 - 05:47 PM, said:

Good advice in the link about converting to Linux. However I still believe that installing and configuring an operating system is beyond the capabilities of the average XP refugee. It takes some help from a Linux advocate.
As far as using LM 13 good idea unless your "client" decides on the newest HP printer - in which case be ready to install the latest HPLIP and hope that an "update" doesn't revert to an older version and hose your printing capability. Printers are a must for older folks as they want paper documentation. Right now I have a lady in this situation and I am waiting for LM 17 so that I can fix her up for a few years.

Yep, so true. That's why I offer some thoughts on that at the bottom of my blog posting that I linked to. :yes:

Corrine, on 28 April 2014 - 08:21 PM, said:

Microsoft Internet Explorer Use-After-Free Vulnerability Guidance | US-CERT


UK Government officials have also advised using an alternate browser:  UPDATE 2-US, UK advise avoiding Internet Explorer until bug fixed: Thomson Reuters Business News - MSN Money

Google Chrome and Mozilla Firefox (as well as Pale Moon) run on Windows XP and will receive security fixes until at least April 2015.


Yep!
Bambi
AKA Fran


#6 OFFLINE   LilBambi

LilBambi

    Australisches Googler

  • Forum Admins
  • 22,513 posts

Posted 29 April 2014 - 08:06 AM

However, because some malware has been known in the past to call other software such as IE (especially if the timing is such that they can mix this with another vulnerability such as in Flash, etc.), there may still be a chance that the bad guys could then make use of the IE Zero-Day (in XP in particular) since it isn't going to be fixed (whenever Microsoft gets around to fixing it for the still supported Windows versions).

This is why not only using another browser, but blocking IE through the software firewall OR using EMET v3 might be very important as well if one is foolish enough to continue to use XP on the Internet.
Bambi
AKA Fran


#7 OFFLINE   Corrine

Corrine

    The Mystical Rose

  • Forum Admins
  • 4,111 posts

Posted 01 May 2014 - 12:34 PM

An out of band security update is being released today.  In a surprising move, Microsoft has indeed decided to issue an update for Windows XP users!

MSRC Blog Post: Out-of-Band Release to Address Microsoft Security Advisory 2963983

#8 OFFLINE   Corrine

Corrine

    The Mystical Rose

  • Forum Admins
  • 4,111 posts

Posted 01 May 2014 - 01:12 PM

The update has been released.  See Out of Band Security Update for IE Zero-Day Vulnerability

#9 OFFLINE   LilBambi

LilBambi

    Australisches Googler

  • Forum Admins
  • 22,513 posts

Posted 01 May 2014 - 02:48 PM

It looks like they have not updated the previous postings as yet; however, the Microsoft Security Bulletin MS14-021 - Critical shows Windows XP SP3 for IE6, IE7 and IE8 as affected. So that certainly does imply that the Out-of-Band Security Update for Internet Explorer (2965111) does include Windows XP SP3 for IE6, IE7, and IE8.

And Microsoft only shows affected versions if they are affected AND will be included in the patch. Usually updates only include currently supported versions of Windows, so including Windows XP SP3 is certainly a welcome but unexpected inclusion.

Wise move by Microsoft!
Bambi
AKA Fran


#10 OFFLINE   zlim

zlim

    It's me, plodr

  • Forum MVP
  • 7,047 posts

Posted 01 May 2014 - 04:25 PM

I just patched our 4 Win 7 computers and the one XP partition on a Win 7 computer.

XP needs to be rebooted after the patch; Win 7 does not.
Liz
Registered Linux User # 401459

#11 OFFLINE   ebrke

ebrke

    Board Bigwig

  • Forum MVP
  • 2,721 posts

Posted 01 May 2014 - 05:29 PM

Thanks for the info, Corrine!  I guess I'll update the XP partition left on my now openSuSE laptop.  Other Win 7 laptop has no notification for an update yet--guess I'll wait until tomorrow and then update manually.
Registered Linux User 344759

#12 OFFLINE   LilBambi

LilBambi

    Australisches Googler

  • Forum Admins
  • 22,513 posts

Posted 01 May 2014 - 08:35 PM

When I said that it was a wise move by Microsoft, I really mean that!


Here’s the April 2014 Desktop Share in the Operating System breakout from NetMarketShare.com:

[Image: NetMarketShare – Operating System – Desktop Share – April 2014]

Windows XP is still #2 Operating System around the world as of the end of April 2014

#1 Windows 7 is 49.27%

#2 Windows XP 26.29%

#3 Windows 8/Windows 8.1 combined: 12.24%
(Combined both: Windows 8 at 6.36% ~&~ Windows 8.1 at 5.88%)

#4 Mac OS X 10.7/10.8/10.9 combined: 6.09%
(Combined current supported versions: Mac OS X 10.7 at 0.96% ~&~ Mac OS X 10.8 at 1.06% ~&~ Mac OS X 10.9 at 4.07%)

#5 Windows Vista at 2.89%

Bambi
AKA Fran


#13 OFFLINE   LilBambi

LilBambi

    Australisches Googler

  • Forum Admins
  • 22,513 posts

Posted 01 May 2014 - 08:38 PM

ebrke, on 01 May 2014 - 05:29 PM, said:

Thanks for the info, Corrine!  I guess I'll update the XP partition left on my now openSuSE laptop.  Other Win 7 laptop has no notification for an update yet--guess I'll wait until tomorrow and then update manually.

I just got mine on my XP Pro in VirtualBox. I left it for over an hour online after it got its ESET Smart Security update waiting for it to get the IE Fix but it didn't get it. So I went to Windows Updates on the Start Menu and got it right away after it did its normal search for what updates it has already. Did great. Now offline.
Bambi
AKA Fran


#14 OFFLINE   LilBambi

LilBambi

    Australisches Googler

  • Forum Admins
  • 22,513 posts

Posted 01 May 2014 - 08:47 PM

Posted Image



There's mine! :D


Bambi
AKA Fran


#15 OFFLINE   LilBambi

LilBambi

    Australisches Googler

  • Forum Admins
  • 22,513 posts

Posted 02 May 2014 - 03:04 PM

Got mine on the WinXP Home Sony laptop and it came in on its own through automatic updates within about 1/2 hr. :thumbsup:
Bambi
AKA Fran


#16 OFFLINE   Temmu

Temmu

    The Assimilator

  • Forum MVP
  • 12,534 posts

Posted 05 May 2014 - 11:43 AM

yes, thanks corrine, for the update!

i am amazed that xp (i.e. 6 through 8) is being patched. shocking. why is that a good thing? does it not encourage us (me included) to continue to use xp on the internet? - sounds like a bad idea...

#17 OFFLINE   ross549

ross549

    I live here.

  • Forum MVP
  • 9,185 posts

Posted 05 May 2014 - 11:44 AM

Temmu, on 05 May 2014 - 11:43 AM, said:

i am amazed that xp (i.e. 6 through 8) is being patched. shocking. why is that a good thing? does it not encourage us (me included) to continue to use xp on the internet? - sounds like a bad idea...

I agree 100%. This only prolongs the inevitable.
I don't suffer from insanity, I enjoy it.

#18 OFFLINE   crp

crp

    Discussion Deity

  • Members
  • 3,051 posts

Posted 05 May 2014 - 11:54 AM

XP is being updated since it is so close to the cutoff and there are still roughly 200 million internet users of it out there. Keep that number in mind when comparing to other companies and previous versions of msWindows; that is a huge comparative number of users.
Of all tyrannies, a tyranny sincerely exercised for the good of its victims may be the most oppressive. It would be better to live under robber barons than under omnipotent moral busybodies. The robber baron's cruelty may sometimes sleep, his cupidity may at some point be satiated; but those who torment us for our own good will torment us without end for they do so with the approval of their own conscience. ~C. S. Lewis

#19 OFFLINE   Temmu

Temmu

    The Assimilator

  • Forum MVP
  • 12,534 posts

Posted 05 May 2014 - 02:54 PM

indeed, 200 million is big!

#20 OFFLINE   ross549

ross549

    I live here.

  • Forum MVP
  • 9,185 posts

Posted 06 May 2014 - 12:05 PM

http://steve.grc.com...-vulnerability/

This vulnerability requires some really convoluted methods to get into the system.

Quote

With most recent exploits, the path to exploitation is convoluted and complex and this one is no exception. In this case it depends upon encountering malicious Web content with IE’s ActiveScripting and ActiveX enabled (which is the default in both cases). That will load an Adobe SWF (Shockwave FLASH) file which first prepares the machine for exploitation, then uses Javascript against the vulnerable version of IE (presently all versions of IE) to exploit a subtle flaw in the age-old and long-ago deprecated VML (vector markup language) rendering library. (Which is, nonetheless, still hanging around “just in case.”)


#21 OFFLINE   LilBambi

LilBambi

    Australisches Googler

  • Forum Admins
  • 22,513 posts

Posted 06 May 2014 - 05:12 PM

Most are, but they still can happen quite easily.
Bambi
AKA Fran




