Solved

Microsoft Security Advisory 2963983 - How worried should we be?

Posted on 2014-04-30
5
430 Views
Last Modified: 2014-05-06
Hi all,

Just reading the Microsoft Security Advisory 2963983 and Im slightly alarmed at the potential of this vulnerability. It also appears that Microsoft are taking there time with a fix for this too.

Just wanted to gauge what people think?
0
Comment
Question by:Matt
  • 2
  • 2
5 Comments
 
LVL 3

Assisted Solution

by:bmurray-vb
bmurray-vb earned 125 total points
ID: 40031746
If you're using a good antivirus, antimalware product with predictive protection capabilities, it should keep a user from hitting a link that would deliver the code to utilize the exploit.

All of my clients use Webroot SecureAnywhere, and this has been verified by their enterprise support personnel.

If you want to take a measure that also protects the browser itself from the exploit.  Deploy EMET 4.1 via GPO to all the machines you're responsible for.

http://www.microsoft.com/en-us/download/details.aspx?id=41138

Simple to deploy via gpo  (any MSI is simple to deploy via gpo that is)

The fix is slated to be done next month, which is likely going to be patch Tuesday next week.
0
 
LVL 25

Assisted Solution

by:Tony Giangreco
Tony Giangreco earned 250 total points
ID: 40033059
Here is an update on the Internet Explorer situation. It only applies if you are running Internet Explorer 10 or 11.

Microsoft explains how to enable Enhanced Protected Mode (EPM) in the "suggested actions" section of its advisory. The steps are outlined as follows:

To enable EPM in IE 10 or 11, click the Tools menu and then click Internet options.
In the Internet Options window, click the Advanced tab.
Scroll down the list of options until you see the Security section.
Look for the option to Enable Enhanced Protected Mode and click its checkbox to turn it on.

If you're running IE 11 in a 64-bit version of Windows, you also need to click the checkbox to Enable 64-bit processes for Enhanced Protected Mode.
Restart IE to force the new setting to take effect.
EPM is saddled with a couple of limitations. The feature supports only IE 10 and 11 and only 64-bit versions of Windows. And some websites and add-ons won't work with EPM enabled.

How do you protect yourself if you're running an older version of IE or use a site that doesn't play nicely with EPM? You can unregister an associated IE DLL file called VGX.DLL. Microsoft explains how to unregister this file in the suggested actions section.

Until Microsoft can patch this bug, the best option is to use an alternate browser such as Firefox or Google Chrome. But those of you stuck on IE can at least better protect yourself by following Microsoft's suggestions.

http://www.cnet.com/news/microsoft-tells-ie-users-how-to-defend-against-zero-day-bug/?tag=nl.e703&s_cid=e703&ttag=e703&ftag=CAD090e536
0
 
LVL 50

Assisted Solution

by:jcimarron
jcimarron earned 125 total points
ID: 40035025
MIZUK--
Flash Player can be the vector for acquiring this security bug.
Adobe has released an update for Flash to avoid this--version 13,0,0,206.
Download and install from here
http://get.adobe.com/flashplayer/

And here is the official MS position
https://technet.microsoft.com/library/security/2963983#ID0EEEAC
0
 
LVL 50

Expert Comment

by:jcimarron
ID: 40038069
MIZUK--
MS has issued a fix.
https://technet.microsoft.com/library/security/ms14-021
Or you will probably be offered it on Windows Update.

Another good reference
http://support.microsoft.com/kb/2964358
0
 
LVL 25

Accepted Solution

by:
Tony Giangreco earned 250 total points
ID: 40039201
Have we answered your question?
0

Featured Post

Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this article, I will show you HOW TO: Install VMware Tools for Windows on a VMware Windows virtual machine on a VMware vSphere Hypervisor 6.5 (ESXi 6.5) Host Server, using the VMware Host Client. The virtual machine has Windows Server 2016 instal…
No single Antivirus application (despite claims by manufacturers) will catch or protect you from all Virus / Malware or Spyware threats. That doesn't stop you from further protecting yourself however - and this article is to show you how.
This video Micro Tutorial explains how to clone a hard drive using a commercial software product for Windows systems called Casper from Future Systems Solutions (FSS). Cloning makes an exact, complete copy of one hard disk drive (HDD) onto another d…
The viewer will learn how to successfully create a multiboot device using the SARDU utility on Windows 7. Start the SARDU utility: Change the image directory to wherever you store your ISOs, this will prevent you from having 2 copies of an ISO wit…

749 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question