Solved

Internet Explorer Zero-Day Flaw 2013

Posted on 2013-01-16
Last Modified: 2013-07-22
I am seeing articles about this topic all over the net, and my company is using IE 8 as a standard apps browser, and some of the apps involve sensitive data/information.

I did a search on Zero Day on Expert Exchange, but the results given were posted in 2011. Are they the same thing?

I saw posts stating that the Fix it patch that was released a few days ago didn't help and that the permanent solution was to upgrade to IE9 and above.

Should I be alarmed by this IE flaw, since everyone in my company is using IE8?
If so, is there any countermeasure that I can consider?
0
Question by:mondainai
5 Comments
 

Accepted Solution

by:
Rich Rumble earned 168 total points
Make sure your users are not Administrators of their machines. Windows 7 by default makes it this way, but often people override it for their users, making them Admins of their machines. That's the biggest no-no in all of IT. The second mitigating factor is to apply the M$ EMET tool to all programs that users use: Adobe (Flash/Reader/Shockwave), Java, Office, IE, Firefox, Chrome, etc. http://www.microsoft.com/en-us/download/details.aspx?id=29851 It's a great tool that I've used since it came out, no issues whatsoever, but your mileage may vary.
-rich
0
 

Assisted Solution

by:btan
btan earned 166 total points
IE has had a series of such serious, high-risk events, because a public exploit is available and even a free pentest tool has had a ready exploit package for it since the end of Sept 2012. It is said to successfully attack the vulnerability on Internet Explorer versions 7, 8 and 9 on Windows XP, Vista and 7.

http://krebsonsecurity.com/2012/09/exploit-released-for-zero-day-in-internet-explorer/

But I believe you are referring to this one, which is another real targeted attack on IE (again) using a Flash exploit. The seriousness comes from the watering-hole effect, where the website(s) themselves end up hosting the Flash malware, waiting for more users to visit.

http://krebsonsecurity.com/2012/12/attackers-target-internet-explorer-zero-day-flaw/

According to Microsoft, the issue is "under limited exploit in the wild"; however, there is a Metasploit module available which can theoretically exploit the hole.

http://cyberarms.wordpress.com/2013/01/08/latest-internet-explorer-zero-day-exploit-walkthrough-using-metasploit/

But with this heating up since Dec, an MS out-of-band security update for the critical security hole that affects Internet Explorer 6, 7 and 8 is now available as of 14 Jan. MS had previously released a "Fix it" patch, which had subsequently been worked around by security researchers. If users have installed the "Fix it", they do not need to uninstall it, as it does not interfere with the operation of the update, but MS suggests that it should be removed after the update. MS also reminds users that, where possible, they should update to Internet Explorer 9, which is not vulnerable to this hole.

You may want to check out the MS FAQs on this:

http://blogs.technet.com/b/msrc/p/january-2013-oob-security-bulletin-q-a.aspx

Q: If EMET was used to mitigate the possible attack, should this be removed once the patch is successfully installed?

A: EMET is not only effective to mitigate possible attacks of this issue, but it's a useful tool to mitigate several classes of attacks. EMET adds several layers of mitigations to the ones already present in the operating system. If EMET works for your environment we recommend keeping it enabled to mitigate future attacks.
0
 

Assisted Solution

by:McKnife
McKnife earned 166 total points
Hi.

It's important to know what flaw you are talking about. This? http://blogs.technet.com/b/msrc/archive/2013/01/14/ms13-008-released-for-security-advisory-2794220.aspx is fixed.

You have to be aware that using the web is always risky, not only when so-called zero-day exploits are in the news. It's risky every day because dumb users might send out your company's data simply because they don't understand what they are being tricked into.
Apply patches, but be aware that there might be more holes that some people know about but you don't.
0
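A read-only workstation check for the two points the answers above keep returning to (whether the user is a local administrator, and which IE version is installed), as an added example that is not part of the original thread. The function names and report fields are hypothetical; it uses only the registry and ADSI so it also runs on the PowerShell 2.0 that ships with Windows 7.

```powershell
# Added example, not from the thread. Read-only; run on the workstation being checked.
# Function names and the report's property names are made up for this sketch.

function Get-IEMajorVersion {
    # IE 10 and later keep the real version in svcVersion; IE 9 and earlier use Version.
    $key = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Internet Explorer' -ErrorAction SilentlyContinue
    if (-not $key) { return $null }
    $raw = if ($key.svcVersion) { $key.svcVersion } else { $key.Version }
    if (-not $raw) { return $null }
    $major = ($raw -split '\.')[0]
    return [int]$major
}

function Get-LocalAdminMember {
    # Resolve the group by its well-known SID so localized Windows builds work too.
    $sid   = New-Object Security.Principal.SecurityIdentifier 'S-1-5-32-544'
    $name  = ($sid.Translate([Security.Principal.NTAccount]).Value -split '\\')[-1]
    $group = [ADSI]"WinNT://$env:COMPUTERNAME/$name,group"
    foreach ($member in $group.psbase.Invoke('Members')) {
        $path = $member.GetType().InvokeMember('ADsPath', 'GetProperty', $null, $member, $null)
        # WinNT://DOMAIN/user or WinNT://WORKGROUP/PC/user -> DOMAIN\user or PC\user
        ($path -split '/')[-2..-1] -join '\'
    }
}

function Get-BrowserExposureReport {
    $ie      = Get-IEMajorVersion
    $admins  = @(Get-LocalAdminMember)
    $current = "$env:USERDOMAIN\$env:USERNAME"
    New-Object PSObject -Property @{
        Computer          = $env:COMPUTERNAME
        IEMajorVersion    = $ie
        # The thread says the January 2013 update covers IE 6, 7 and 8; IE 9 is not affected.
        IEInPatchScope    = ($null -ne $ie -and $ie -le 8)
        LocalAdmins       = $admins -join '; '
        # Direct membership only; membership through a nested group is not detected here.
        UserIsListedAdmin = ($admins -contains $current)
    }
}

Get-BrowserExposureReport | Format-List
```

A machine that reports both `IEInPatchScope` and `UserIsListedAdmin` as true is the combination the accepted answer warns about, and is the first candidate for patching and for removing the user from the Administrators group.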
