Solved

Microsoft Security Advisory 2963983 - How worried should we be?

Posted on 2014-04-30
5
431 Views
Last Modified: 2014-05-06
Hi all,

Just reading the Microsoft Security Advisory 2963983 and Im slightly alarmed at the potential of this vulnerability. It also appears that Microsoft are taking there time with a fix for this too.

Just wanted to gauge what people think?
0
Comment
Question by:Matt
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
5 Comments
 
LVL 3

Assisted Solution

by:bmurray-vb
bmurray-vb earned 125 total points
ID: 40031746
If you're using a good antivirus, antimalware product with predictive protection capabilities, it should keep a user from hitting a link that would deliver the code to utilize the exploit.

All of my clients use Webroot SecureAnywhere, and this has been verified by their enterprise support personnel.

If you want to take a measure that also protects the browser itself from the exploit.  Deploy EMET 4.1 via GPO to all the machines you're responsible for.

http://www.microsoft.com/en-us/download/details.aspx?id=41138

Simple to deploy via gpo  (any MSI is simple to deploy via gpo that is)

The fix is slated to be done next month, which is likely going to be patch Tuesday next week.
0
 
LVL 25

Assisted Solution

by:Tony Giangreco
Tony Giangreco earned 250 total points
ID: 40033059
Here is an update on the Internet Explorer situation. It only applies if you are running Internet Explorer 10 or 11.

Microsoft explains how to enable Enhanced Protected Mode (EPM) in the "suggested actions" section of its advisory. The steps are outlined as follows:

To enable EPM in IE 10 or 11, click the Tools menu and then click Internet options.
In the Internet Options window, click the Advanced tab.
Scroll down the list of options until you see the Security section.
Look for the option to Enable Enhanced Protected Mode and click its checkbox to turn it on.

If you're running IE 11 in a 64-bit version of Windows, you also need to click the checkbox to Enable 64-bit processes for Enhanced Protected Mode.
Restart IE to force the new setting to take effect.
EPM is saddled with a couple of limitations. The feature supports only IE 10 and 11 and only 64-bit versions of Windows. And some websites and add-ons won't work with EPM enabled.

How do you protect yourself if you're running an older version of IE or use a site that doesn't play nicely with EPM? You can unregister an associated IE DLL file called VGX.DLL. Microsoft explains how to unregister this file in the suggested actions section.

Until Microsoft can patch this bug, the best option is to use an alternate browser such as Firefox or Google Chrome. But those of you stuck on IE can at least better protect yourself by following Microsoft's suggestions.

http://www.cnet.com/news/microsoft-tells-ie-users-how-to-defend-against-zero-day-bug/?tag=nl.e703&s_cid=e703&ttag=e703&ftag=CAD090e536
0
 
LVL 50

Assisted Solution

by:jcimarron
jcimarron earned 125 total points
ID: 40035025
MIZUK--
Flash Player can be the vector for acquiring this security bug.
Adobe has released an update for Flash to avoid this--version 13,0,0,206.
Download and install from here
http://get.adobe.com/flashplayer/

And here is the official MS position
https://technet.microsoft.com/library/security/2963983#ID0EEEAC
0
 
LVL 50

Expert Comment

by:jcimarron
ID: 40038069
MIZUK--
MS has issued a fix.
https://technet.microsoft.com/library/security/ms14-021
Or you will probably be offered it on Windows Update.

Another good reference
http://support.microsoft.com/kb/2964358
0
 
LVL 25

Accepted Solution

by:
Tony Giangreco earned 250 total points
ID: 40039201
Have we answered your question?
0

Featured Post

When ransomware hits your clients, what do you do?

MSPs: Endpoint security isn’t enough to prevent ransomware.
As the impact and severity of crypto ransomware attacks has grown, Webroot has fought back, not just by building a next-gen endpoint solution capable of preventing ransomware attacks but also by being a thought leader.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

While rebooting windows server 2003 server , it's showing "active directory rebuilding indices please wait" at startup. It took a little while for this process to complete and once we logged on not all the services were started so another reboot is …
There are many software programs on offer that will claim to magically speed up your computer. The best advice I can give you is to avoid them like the plague, because they will often cause far more problems than they solve. Try some of these "do it…
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…
This is used to tweak the memory usage for your computer, it is used for servers more so than workstations but just be careful editing registry settings as it may cause irreversible results. I hold no responsibility for anything you do to the regist…

734 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question