Alerts
Exploits Circulating for Internet Explorer Unpatched Vulnerability
Date:
March 27, 2006
Severity:
High
Systems Affected:
Windows NT 4.0
Windows 98 / ME
Windows 2000 SP4
Windows XP SP1 / SP2
Windows 2003
Internet Explorer 5.01 Service Pack 4
Internet Explorer 6
Internet Explorer 6 Service Pack 1
Internet Explorer SP2 (On Windows XP SP2)
Overview:
eEye Digital Security is advising customers to the existence of exploit code that targets a critical security vulnerability in Microsoft Internet Explorer. The exploit pertains to an unpatched vulnerability that has been released on various public mailing lists. Microsoft has released the following security alert on this issue:
http://www.microsoft.com/technet/security/advisory/917077.mspx
This issue affects any Windows operating system running Internet Explorer versions 5.01 SP4 through 6.0 SP1. The vulnerability results from the method in which Internet Explorer handles HTML Objects. This flaw allows for remote code to be executed on the target system. If successfully exploited, an attacker will only have the rights of the currently logged on user. System Administrators should be careful to not use Administrator accounts for general system use.
Currently, there have been numerous reports of this vulnerability being used on various websites in attempts to install Spyware and remote control "bot" software for use in Distributed Denial of Service (DDoS) attacks.
Recommendations:
The recommended action required to protect systems against this attack is to disable Active Scripting from within Internet Explorer. Following are the steps required to disable Active Scripting:
Protecting Your Systems:
eEye Digital Security's Research Team has confirmed that eEye's Blink® host-based intrusion prevention solution protects from the exploitation of this Internet Explorer flaw without requiring invasive firewalling, or the presence of any patch. Current Blink customers should ensure that the Application Protection is enabled in their Blink policies.
Blink® Endpoint Vulnerability Prevention
http://www.eeye.com/blink
eEye's Temporary Workaround:
eEye Digital Security's Research Team has released a workaround for the vulnerability as a temporary measure for customers who have not yet installed Blink. This workaround is not meant to replace the forthcoming Microsoft patch, rather it is intended as a temporary protection against this flaw. Organizations should only install this patch if they are not able to disable Active Scripting as a means of mitigation.
Organizations that choose to employ this workaround should take the steps required to uninstall it once the official Microsoft patch is released. This workaround is not meant to replace the forthcoming Microsoft patch, rather it is intended as a temporary protection against this flaw. Organizations should only install this patch if they are not able to disable Active Scripting as a means of mitigation.
Organizations that choose to employ this workaround should take the steps required to uninstall it once the official Microsoft patch is released. Please note that at this time this workaround only supports Windows NT, Windows 2000, Windows XP, and Windows 2003 and is fully removable.
Patch Location: Download Now!
Patch Version: 1.0.2
Patch Source Code: View
Contact:
For support, bug reports, or feedback please email alerts@eeye.com.
This alert was last updated on April 5, 2006.
March 27, 2006
Severity:
High
Systems Affected:
Windows NT 4.0
Windows 98 / ME
Windows 2000 SP4
Windows XP SP1 / SP2
Windows 2003
Internet Explorer 5.01 Service Pack 4
Internet Explorer 6
Internet Explorer 6 Service Pack 1
Internet Explorer SP2 (On Windows XP SP2)
Overview:
eEye Digital Security is advising customers to the existence of exploit code that targets a critical security vulnerability in Microsoft Internet Explorer. The exploit pertains to an unpatched vulnerability that has been released on various public mailing lists. Microsoft has released the following security alert on this issue:
http://www.microsoft.com/technet/security/advisory/917077.mspx
This issue affects any Windows operating system running Internet Explorer versions 5.01 SP4 through 6.0 SP1. The vulnerability results from the method in which Internet Explorer handles HTML Objects. This flaw allows for remote code to be executed on the target system. If successfully exploited, an attacker will only have the rights of the currently logged on user. System Administrators should be careful to not use Administrator accounts for general system use.
Currently, there have been numerous reports of this vulnerability being used on various websites in attempts to install Spyware and remote control "bot" software for use in Distributed Denial of Service (DDoS) attacks.
Recommendations:
The recommended action required to protect systems against this attack is to disable Active Scripting from within Internet Explorer. Following are the steps required to disable Active Scripting:
- To disable Active Scripting within Internet Explorer locally, users should refer to the Microsoft Support Bulletin found here:
http://support.microsoft.com/kb/q154036/ - To disable Active Scripting across an entire Active Directory/Domain using GPO, security administrators should reference the following Microsoft Bulletins:
Protecting Your Systems:
eEye Digital Security's Research Team has confirmed that eEye's Blink® host-based intrusion prevention solution protects from the exploitation of this Internet Explorer flaw without requiring invasive firewalling, or the presence of any patch. Current Blink customers should ensure that the Application Protection is enabled in their Blink policies.
Blink® Endpoint Vulnerability Prevention
http://www.eeye.com/blink
eEye's Temporary Workaround:
eEye Digital Security's Research Team has released a workaround for the vulnerability as a temporary measure for customers who have not yet installed Blink. This workaround is not meant to replace the forthcoming Microsoft patch, rather it is intended as a temporary protection against this flaw. Organizations should only install this patch if they are not able to disable Active Scripting as a means of mitigation.
Organizations that choose to employ this workaround should take the steps required to uninstall it once the official Microsoft patch is released. This workaround is not meant to replace the forthcoming Microsoft patch, rather it is intended as a temporary protection against this flaw. Organizations should only install this patch if they are not able to disable Active Scripting as a means of mitigation.
Organizations that choose to employ this workaround should take the steps required to uninstall it once the official Microsoft patch is released. Please note that at this time this workaround only supports Windows NT, Windows 2000, Windows XP, and Windows 2003 and is fully removable.
Patch Location: Download Now!
Patch Version: 1.0.2
Patch Source Code: View
Contact:
For support, bug reports, or feedback please email alerts@eeye.com.
This alert was last updated on April 5, 2006.
