.

New zero-day exploit for Internet Explorer 7, 8, and 9 on Windows XP, Vista & 7

<<

S3curityM0nkey

User avatar

Jr. Member
Jr. Member

Posts: 89

Joined: Mon May 16, 2011 6:47 pm

Post Mon Sep 17, 2012 5:48 pm

New zero-day exploit for Internet Explorer 7, 8, and 9 on Windows XP, Vista & 7

Good blog about the new zero-day in IE......

https://community.rapid7.com/community/ ... metasploit

And this is good as well... nice write up on the findings of an infected server:

http://eromang.zataz.com/2012/09/16/zer ... -over-yet/
Last edited by S3curityM0nkey on Tue Sep 18, 2012 12:33 am, edited 1 time in total.
<<

cyber.spirit

User avatar

Sr. Member
Sr. Member

Posts: 356

Joined: Sun Feb 26, 2012 8:07 am

Location: in your heart!

Post Tue Sep 18, 2012 12:31 am

Re: New zero-day exploit for Internet Explorer 7, 8, and 9 on Windows XP, Vista

on windows xp or vista? You mean windows server 2003-2008 and windows seven is not vulnerable?
ICS Academy Network Security Certified
<<

S3curityM0nkey

User avatar

Jr. Member
Jr. Member

Posts: 89

Joined: Mon May 16, 2011 6:47 pm

Post Tue Sep 18, 2012 12:36 am

Re: New zero-day exploit for Internet Explorer 7, 8, and 9 on Windows XP, Vista

Cyber.spirit wrote:on windows xp or vista? You mean windows server 2003-2008 and windows seven is not vulnerable?


If you check out the blog post at the bottom is the link to the MS Advisory... but just in case you don't want to click that link here's another :

http://technet.microsoft.com/en-us/secu ... ry/2757760

The reason it wasn't in the subject was the title was too long... all fixed now.
<<

cyber.spirit

User avatar

Sr. Member
Sr. Member

Posts: 356

Joined: Sun Feb 26, 2012 8:07 am

Location: in your heart!

Post Tue Sep 18, 2012 12:43 am

Re: New zero-day exploit for Internet Explorer 7, 8, and 9 on Windows XP, Vista

thank u always technet is better! Atleast its famous!
ICS Academy Network Security Certified
<<

S3curityM0nkey

User avatar

Jr. Member
Jr. Member

Posts: 89

Joined: Mon May 16, 2011 6:47 pm

Post Tue Sep 18, 2012 12:46 am

Re: New zero-day exploit for Internet Explorer 7, 8, and 9 on Windows XP, Vista & 7

Not a problem...

Keep in mind that famous isn't always good... Ankit Fadia is famous in the IT Security world but he is FAR from good!!! Sometime its the unknowns that come up with the best information.
<<

Jamie.R

User avatar

Sr. Member
Sr. Member

Posts: 435

Joined: Mon Aug 06, 2012 9:57 am

Location: UK

Post Tue Sep 18, 2012 3:09 am

Re: New zero-day exploit for Internet Explorer 7, 8, and 9 on Windows XP, Vista & 7

IS there a fix for this yet ?
| OSWP | eCPPT Silver and Gold | eWPT |

I'm an InterN0T'er
<<

S3curityM0nkey

User avatar

Jr. Member
Jr. Member

Posts: 89

Joined: Mon May 16, 2011 6:47 pm

Post Tue Sep 18, 2012 3:17 am

Re: New zero-day exploit for Internet Explorer 7, 8, and 9 on Windows XP, Vista & 7

Jamie.R wrote:IS there a fix for this yet ?


Nope.... just workarounds such as deploying the Enhanced Mitigation Experience Toolkit.... or upgrading IE to Firefox or Chrome...
<<

m0wgli

User avatar

Sr. Member
Sr. Member

Posts: 308

Joined: Fri Jul 20, 2012 3:34 pm

Post Wed Sep 19, 2012 2:00 am

Re: New zero-day exploit for Internet Explorer 7, 8, and 9 on Windows XP, Vista & 7

From the Microsoft Security response Center:

We will release a Fix it in the next few days to address an issue in Internet Explorer, as outlined in the Security Advisory 2757760 that we released yesterday.


http://blogs.technet.com/b/msrc/archive ... 57760.aspx

The Fix it is an easy-to-use, one-click, full-strength solution any Internet Explorer user can install. It will not affect your ability to browse the Web, and it will provide full protection against this issue until an update is available.
Security + | OSWP | eCPPT (Silver & Gold) | CSTA
<<

Jamie.R

User avatar

Sr. Member
Sr. Member

Posts: 435

Joined: Mon Aug 06, 2012 9:57 am

Location: UK

Post Wed Sep 19, 2012 3:38 am

Re: New zero-day exploit for Internet Explorer 7, 8, and 9 on Windows XP, Vista & 7

Thanks for the information.
| OSWP | eCPPT Silver and Gold | eWPT |

I'm an InterN0T'er
<<

m0wgli

User avatar

Sr. Member
Sr. Member

Posts: 308

Joined: Fri Jul 20, 2012 3:34 pm

Post Thu Sep 20, 2012 2:02 pm

Re: New zero-day exploit for Internet Explorer 7, 8, and 9 on Windows XP, Vista & 7

Microsoft should be releasing an "out-of-band" patch for this tomorrow.

Microsoft will release the emergency update at approximately 1 p.m. ET Friday via the Microsoft Update and Windows Update services, as well as through WSUS (Windows Server Update Services), the de facto corporate patch deployment tool.


Source: http://www.computerworld.com/s/article/ ... onomyId=85
Security + | OSWP | eCPPT (Silver & Gold) | CSTA
<<

Jamie.R

User avatar

Sr. Member
Sr. Member

Posts: 435

Joined: Mon Aug 06, 2012 9:57 am

Location: UK

Post Mon Sep 24, 2012 4:08 am

Re: New zero-day exploit for Internet Explorer 7, 8, and 9 on Windows XP, Vista & 7

Does anyone know if a patch been released yet I know there was a temp fix but also heard that it didn't always fix the problem.
| OSWP | eCPPT Silver and Gold | eWPT |

I'm an InterN0T'er
<<

UNIX

User avatar

Hero Member
Hero Member

Posts: 1244

Joined: Mon Apr 28, 2008 9:20 am

Post Mon Sep 24, 2012 4:11 am

Re: New zero-day exploit for Internet Explorer 7, 8, and 9 on Windows XP, Vista & 7

<<

Jamie.R

User avatar

Sr. Member
Sr. Member

Posts: 435

Joined: Mon Aug 06, 2012 9:57 am

Location: UK

Post Tue Sep 25, 2012 3:46 am

Re: New zero-day exploit for Internet Explorer 7, 8, and 9 on Windows XP, Vista & 7

Thanks for the links
| OSWP | eCPPT Silver and Gold | eWPT |

I'm an InterN0T'er

Return to Malware

Who is online

Users browsing this forum: No registered users and 1 guest

.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software