Tag Archives: IE

Internet Explorer Still Vulnerable

Regarding the IE 2012 year-end vulnerability, a ‘Fix it’ is available; however, there is no patch in Microsoft’s January Security Updates. This could lead to an out-of-cycle patch, and the current guidance is:

IE – Year End 0-day

Zero-day attack on Internet Explorer (CVE-2012-4792)! How quickly did you respond to the interruption this holiday vacation? IE 8, 7, and 6 make up one-third of the desktop browser market. For consumers on the XP OS, IE 9 and 10 are not supported; it is best to start using an additional browser such as Mozilla Firefox or Google Chrome.

Microsoft Security Advisory (2794220) explains:

The vulnerability is a remote code execution vulnerability that exists in the way that Internet Explorer accesses an object in memory that has been deleted or has not been properly allocated. The vulnerability may corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user within Internet Explorer. An attacker could host a specially crafted website that is designed to exploit this vulnerability through Internet Explorer and then convince a user to view the website.

For corporations that need IE on XP and are unable to upgrade, Microsoft has a Fix It tool available (KB2794220). Remember that a ‘Fix It’ is not a patch but rather an easy method to apply workaround configuration changes. Also note that you should remove the ‘Fix It’ once the final patch is applied.

It seems that one of the reasons for launching the attacks during the holiday period was the belief that IT/Security Administrators would be slower to respond. Were you or your team?
