All indications are that this July will become A record month as far as publication of critical vulnerabilities refers . For if we had enough with everything published so far related to the Hacking Team and vulnerabilities 0-day in Flash Player or the recently settled in Java, today have published no less than four vulnerabilities of this type in the browser Internet Explorer .
What are these vulnerabilities
According to the company that has published these vulnerabilities, Zero Day Initiative, all they allow remote execution of code by an attacker in a vulnerable version of Internet Explorer . For the attack to be successful user interaction it is needed, since it must access a specially modified page or open a malicious file. Let’s look at what they are each of these vulnerabilities:
ZDI-15-359 : This vulnerability is related to the way that Internet Explorer processes the array that represent cells in HTML tables. By manipulating the elements of a document an attacker could force him to use Internet Explorer memory once beyond the end of a array HTML cells. The attacker could then use this vulnerability to execute code in the context of the process that is running
ZDI-15-360 :. This vulnerability exists in the handling of objects CAttrArray. To manipulate the elements of a document, an attacker could force a pointer that was suspended reused once it has been released. The attacker could then use this vulnerability to execute code in the context of the process that is running
ZDI-15-361 :. This vulnerability exists in the handling of objects CCurrentStyle . This time would be given to manipulate the elements of a document and an attacker could force a pointer that was suspended reused once it has been released. The attacker could then use this vulnerability to execute code in the context of the process that is running
ZDI-15-362 :. This vulnerability exists in the handling of objects CTreePos . In this case, to manipulate the elements of a document, an attacker could force a pointer that was suspended reused once it has been released. The attacker could then use this vulnerability to execute code in the context of the process that is running
How to mitigate potential damage
Since the publication of these vulnerabilities it has occurred if there is not a patch that solves (and therefore considered 0-day) there is a possibility that attackers try to take advantage as soon as possible.
This leaves millions of users Internet Explorer worldwide exposed until Microsoft releases the relevant security bulletin. However, you can perform a series actions to mitigate these potential attacks
- Because the attacker must convince his victim to access a link or open a malicious file, the first line of defense is the user . A user prevented these vulnerabilities should be able to recognize links or suspicious files (attached in an email, for example) and avoid clicking on them.
- You can configure Internet Explorer to prompt the user before running Active Scripting or directly disable Active Scripting in the Internet security zone and in the Local intranet settings in Internet Explorer’s Internet.
- The Toolkit Enhanced Mitigation Experience (EMET) of Microsoft helps prevent exploitation of certain vulnerabilities, although its use is recommended especially in corporate environments and experienced administrators.
- Using exploits locking systems as integrated in ESET security solutions allows the blocking of such codes, including those that exploit vulnerabilities 0- day, based on an analysis of behavior. Although you probably will not detect all exploits, yes that is a good first line of defense against such attacks.
Conclusion
It seems that we will soon see how these vulnerabilities are introduced into the most used exploits kits. So is important to stay informed and apply the patch as soon as you publish Microsoft . Meanwhile, we can always temporarily use other browsers or apply any of the solutions we have offered to mitigate potential attacks
Appropriations image. © download.net.pl/ Flickr
Author Josep Albors, ESET
No comments:
Post a Comment