[Webinar] Streamline your web hosting managementRegister Today

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 446
  • Last Modified:

Microsoft Security Advisory 2963983 - How worried should we be?

Hi all,

Just reading the Microsoft Security Advisory 2963983 and Im slightly alarmed at the potential of this vulnerability. It also appears that Microsoft are taking there time with a fix for this too.

Just wanted to gauge what people think?
0
Matt
Asked:
Matt
  • 2
  • 2
4 Solutions
 
bmurray-vbCommented:
If you're using a good antivirus, antimalware product with predictive protection capabilities, it should keep a user from hitting a link that would deliver the code to utilize the exploit.

All of my clients use Webroot SecureAnywhere, and this has been verified by their enterprise support personnel.

If you want to take a measure that also protects the browser itself from the exploit.  Deploy EMET 4.1 via GPO to all the machines you're responsible for.

http://www.microsoft.com/en-us/download/details.aspx?id=41138

Simple to deploy via gpo  (any MSI is simple to deploy via gpo that is)

The fix is slated to be done next month, which is likely going to be patch Tuesday next week.
0
 
Tony GiangrecoCommented:
Here is an update on the Internet Explorer situation. It only applies if you are running Internet Explorer 10 or 11.

Microsoft explains how to enable Enhanced Protected Mode (EPM) in the "suggested actions" section of its advisory. The steps are outlined as follows:

To enable EPM in IE 10 or 11, click the Tools menu and then click Internet options.
In the Internet Options window, click the Advanced tab.
Scroll down the list of options until you see the Security section.
Look for the option to Enable Enhanced Protected Mode and click its checkbox to turn it on.

If you're running IE 11 in a 64-bit version of Windows, you also need to click the checkbox to Enable 64-bit processes for Enhanced Protected Mode.
Restart IE to force the new setting to take effect.
EPM is saddled with a couple of limitations. The feature supports only IE 10 and 11 and only 64-bit versions of Windows. And some websites and add-ons won't work with EPM enabled.

How do you protect yourself if you're running an older version of IE or use a site that doesn't play nicely with EPM? You can unregister an associated IE DLL file called VGX.DLL. Microsoft explains how to unregister this file in the suggested actions section.

Until Microsoft can patch this bug, the best option is to use an alternate browser such as Firefox or Google Chrome. But those of you stuck on IE can at least better protect yourself by following Microsoft's suggestions.

http://www.cnet.com/news/microsoft-tells-ie-users-how-to-defend-against-zero-day-bug/?tag=nl.e703&s_cid=e703&ttag=e703&ftag=CAD090e536
0
 
jcimarronCommented:
MIZUK--
Flash Player can be the vector for acquiring this security bug.
Adobe has released an update for Flash to avoid this--version 13,0,0,206.
Download and install from here
http://get.adobe.com/flashplayer/

And here is the official MS position
https://technet.microsoft.com/library/security/2963983#ID0EEEAC
0
 
jcimarronCommented:
MIZUK--
MS has issued a fix.
https://technet.microsoft.com/library/security/ms14-021
Or you will probably be offered it on Windows Update.

Another good reference
http://support.microsoft.com/kb/2964358
0
 
Tony GiangrecoCommented:
Have we answered your question?
0

Featured Post

Evaluating UTMs? Here's what you need to know!

Evaluating a UTM appliance and vendor can prove to be an overwhelming exercise.  How can you make sure that you're getting the security that your organization needs without breaking the bank? Check out our UTM Buyer's Guide for more information on what you should be looking for!

  • 2
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now