[Micronet] IE Zero Day

[Micronet] IE Zero Day

Luke Rockwell
Brand new zero day for all versions of IE

https://technet.microsoft.com/en-us/library/security/2963983.aspx


.....................................

Luke Rockwell
Systems and Support Analyst
Information Technology

.....................................

Cal Alumni Association | UC Berkeley
1 Alumni House, Berkeley, CA 94720
T 510.900.8196
F 510.642.6252

.....................................

140 Years of Alumni Excellence
Commitment, Support, Passion

_____________________________________

alumni.berkeley.edu

_____________________________________

Facebook | LinkedIn

 
-------------------------------------------------------------------------
The following was automatically added to this message by the list server:

To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:

http://micronet.berkeley.edu

Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.

Re: [Micronet] IE Zero Day

secabeen
This is listed as vulnerable on Server 2k3, so expect that it affects XP.

--Ted

On 4/27/2014 7:33 PM, Luke Rockwell wrote:

> Brand new zero day for all versions of IE
>
> https://technet.microsoft.com/en-us/library/security/2963983.aspx

Re: [Micronet] IE Zero Day

Bruce Satow
In reply to this post by Luke Rockwell
Apparently it is related to the Adobe Flash plugin and VML.

See:
http://blogs.technet.com/b/srd/archive/2014/04/26/more-details-about-security-advisory-2963983-ie-0day.aspx

and

http://www.fireeye.com/blog/uncategorized/2014/04/new-zero-day-exploit-targeting-internet-explorer-versions-9-through-11-identified-in-targeted-attacks.html

There are some mitigation strategies on the technet blog if the user really needs to use IE9 to 11.

-Bruce



Bruce Satow
Systems Administrator
  University of California at Berkeley  
Space Sciences Laboratory
7 Gauss Way
Berkeley, California 94720-7450
[hidden email]
Phone: (510) 643-2348
Cell: (510) 847-1914
 
Si hoc legere scis nimium eruditionis habes
On 4/27/2014 7:33 PM, Luke Rockwell wrote:
Brand new zero day for all versions of IE

https://technet.microsoft.com/en-us/library/security/2963983.aspx



Re: [Micronet] IE Zero Day

Bruce Satow
From FireEye (who initially reported the exploit to Microsoft):
"the exploit relies deeply on two other components to successfully trigger code execution and in particular it requires presence VML and Flash components"
See:  http://blogs.technet.com/b/srd/archive/2014/04/26/more-details-about-security-advisory-2963983-ie-0day.aspx

Here are some various mitigation strategies that have been reported.   These are collected from various URLs dealing with the current Zero-day exploit.  
Be aware that Adobe Flash and Java may not work if you apply any of these options. 

Option #1:
Download and install EMET 4.1
http://www.microsoft.com/en-us/download/details.aspx?id=41138

Option #2:
Use Firefox or Chrome browsers instead of Internet Explorer until an update patch is released from Microsoft or Adobe.
Since this is a critical risk, please make sure that you are doing Windows Update every night.

Option #3:
Open Internet Explorer
Click on the Gear icon in the upper right corner of the window, a submenu will pop up.
Scroll down and click on Internet Options
A small window will pop open.
Click on the Advanced Tab
Scroll down and check the boxes:
    "Enable 64-bit processes for Enhanced Protected Mode"
    "Enable Enhanced Protected Mode"

Option #4:
Disable your Adobe Flash in Internet Explorer.
Click on the Gear icon in the upper right corner of the window, a submenu will pop up.
Scroll down and click on Manage Add-Ons
Select the Shockwave Flash Object add-on.
Click Disable, and then click Close.








Bruce Satow
Systems Administrator
  University of California at Berkeley  
Space Sciences Laboratory
7 Gauss Way
Berkeley, California 94720-7450
[hidden email]
Phone: (510) 643-2348
Cell: (510) 847-1914
 
Si hoc legere scis nimium eruditionis habes
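
An added example, not part of the original post: a read-only PowerShell check of whether Options #1, #3 and #4 from the message above are in place for the logged-on user. The registry paths, the `Isolation`/`Isolation64Bit`/`Flags` values and the `EMET*` display-name match are assumptions about where Internet Explorer and the EMET installer record these settings.

```powershell
# Added example: read-only audit of Options #1, #3 and #4 for the current user.
# The registry locations and values below are assumptions, not taken from the thread.
$ieMain     = 'HKCU:\Software\Microsoft\Internet Explorer\Main'
$flashClsid = '{D27CDB6E-AE6D-11CF-96B8-444553540000}'   # Shockwave Flash Object
$flashExt   = "HKCU:\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\$flashClsid"
$uninstall  = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
              'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'

function Get-RegValue([string]$Path, [string]$Name) {
    # Returns $null when the key or the named value does not exist.
    $item = Get-ItemProperty -Path $Path -ErrorAction SilentlyContinue
    if ($null -ne $item -and $item.PSObject.Properties[$Name]) { return $item.$Name }
    return $null
}

function New-Check([string]$Option, [string]$Setting, [bool]$InPlace, $Observed) {
    New-Object PSObject -Property @{
        Option = $Option; Setting = $Setting; InPlace = $InPlace; Observed = $Observed
    }
}

# Option #1: look for an EMET entry among installed programs (display name assumed).
$emet = Get-ItemProperty -Path $uninstall -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -like 'EMET*' } | Select-Object -First 1
$emetName = if ($emet) { $emet.DisplayName } else { $null }

# Option #3: the two Enhanced Protected Mode checkboxes on the Advanced tab.
$isolation   = Get-RegValue $ieMain 'Isolation'        # 'PMEM' = EPM enabled (assumed)
$isolation64 = Get-RegValue $ieMain 'Isolation64Bit'   # 1 = 64-bit EPM processes (assumed)

# Option #4: Manage Add-ons is assumed to record a disabled add-on as Flags = 1.
$flashFlags  = Get-RegValue $flashExt 'Flags'

$checks = @(
    (New-Check '#1' 'EMET installed'                  ($null -ne $emet)        $emetName),
    (New-Check '#3' 'Enhanced Protected Mode'         ($isolation -eq 'PMEM')  $isolation),
    (New-Check '#3' '64-bit processes for EPM'        ($isolation64 -eq 1)     $isolation64),
    (New-Check '#4' 'Shockwave Flash Object disabled' ($flashFlags -eq 1)      $flashFlags)
)

# A missing value shows as InPlace = False with an empty Observed column.
$checks | Select-Object Option, Setting, InPlace, Observed | Format-Table -AutoSize
```

The script only reads per-user settings; values enforced through Group Policy are stored elsewhere and are not examined here.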



 

Re: [Micronet] IE Zero Day

Luke Rockwell

.....................................

Luke Rockwell
Systems and Support Analyst
Information Technology

.....................................

Cal Alumni Association | UC Berkeley
1 Alumni House, Berkeley, CA 94720
T 510.900.8196
F 510.642.6252

.....................................

Commitment, Support, Passion

_____________________________________

alumni.berkeley.edu

_____________________________________

Facebook | LinkedIn


On Mon, Apr 28, 2014 at 12:39 PM, Bruce Satow <[hidden email]> wrote:
From FireEye (who initially reported the exploit to Microsoft):
"the exploit relies deeply on two other components to successfully trigger code execution and in particular it requires presence VML and Flash components"
See:  http://blogs.technet.com/b/srd/archive/2014/04/26/more-details-about-security-advisory-2963983-ie-0day.aspx
