Internet Explorer 9 haunted by 'critical' security vulnerabilities

Internet Explorer 9 haunted by 'critical' security vulnerabilities

Summary: Microsoft fixes drive-by download flaws in the latest version of its dominant Internet Explorer browser and warns that exploits could emerge within 30 days.

SHARE:
46

Microsoft's shiny new Internet Explorer 9 browser contains critical security vulnerabilities that expose users to drive-by download attacks, the company warned today.

The IE warning highlights this month's batch of security patches from Microsoft where the company shipped eight security bulletins (two critical, six important) to cover gaping holes in Internet Explorer, .NET Framework & Silverlight, Microsoft Windows, Microsoft Forefront UAG and Microsoft Host Integration Server.follow Ryan Naraine on twitter

According to Microsoft, the IE vulnerabilities could be exploited if a user simply surfs to a maliciously rigged website.

The IE update (MS11-081), available for all users or Microsoft Windows and all versions of Internet Explorer, covers at least eight documented security holes in the world's most widely used browser.

The most severe vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. An attacker who successfully exploited any of these vulnerabilities could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

The update fixes the vulnerabilities by modifying the way that Internet Explorer handles objects in memory and the way that Internet Explorer allocates and accesses memory, Microsoft explained.

Microsoft is urging all Windows users to treat this with the utmost priority because of the likelihood of reliable exploit code within 30 days.  Malicious hackers typically reverse-engineer the patches to identify the flaws and write exploits immediately to launch malware attacks.

The second "critical" update (MS11-078) addresses a vulnerability in .NET Framework and Microsoft Silverlight that could expose users to remote code execution attacks.

The vulnerability could allow remote code execution on a client system if a user views a specially crafted Web page using a Web browser that can run XAML Browser Applications (XBAPs) or Silverlight applications. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. The vulnerability could also allow remote code execution on a server system running IIS, if that server allows processing ASP.NET pages and an attacker succeeds in uploading a specially crafted ASP.NET page to that server and then executes the page, as could be the case in a Web hosting scenario. This vulnerability could also be used by Windows .NET applications to bypass Code Access Security (CAS) restrictions.

Microsoft warns that a victim could be exploited if he/she browses to a malicious webpage with aSilverlight-enabled browser.

As with the IE patch, Microsoft exploits to see "reliable exploits" for Silverlight 3 over the next 30 days.

The company also raised an alert for a third bulletin (MS11-077) that covers at least four documented vulnerabilities in Windows kernel-mode drivers (Win32k.sys).

The most severe of these vulnerabilities could allow remote code execution if a user opens a specially crafted font file (such as a .fon file) in a network share, a UNC or WebDAV location, or an e-mail attachment, the company explained.

The security update addresses the vulnerabilities by correcting the way that the Windows kernel-mode drivers validate input passed from user mode, handle the TrueType font type, allocate the proper buffer size before writing to memory, and manage kernel-mode driver objects.

This month's Patch Tuesday batch also covers five privately reported vulnerabilities in Forefront Unified Access Gateway (UAG). The most severe of these vulnerabilities could allow remote code execution if a user visits an affected Web site using a specially crafted URL.

It also provides fixes for a solitary flaw in the Microsoft Windows Ancillary Function Driver (AFD) and two publicly disclosed vulnerabilities in Host Integration Server.

The Host Integration Server vulnerabilities could allow denial of service if a remote attacker sends specially crafted network packets to a Host Integration Server listening on UDP port 1478 or TCP ports 1477 and 1478.

Topics: Browser, Microsoft, Security

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

46 comments
Log in or register to join the discussion
  • RE: Internet Explorer 9 haunted by 'critical' security vulnerabilities

    Oh, I thought these days were behind us...
    Jeremy-UK
    • Where they point out vulnerabilities in all browsers?

      @Jeremy-UK
      I know. MS, Google, Mozilla, they have their issues, but they're patched and that's that.

      Why do they keep making a big deal about all these browsers?
      William Farrell
      • I'll tell you why...

        @William Farrell

        Look for Ed Bott's post about "Your Browser Matters" where MS has a web site that grades your browser's "security level."

        Guess what browser gets all A's. It's a freakin joke.
        Splork
      • You told us why

        And IE gets a .... .... ?

        [i](silence in the background...)[/i]

        ;)
        ScorpioBlue
      • Agreed

        @William Farrell This is nothing new, Chrome just had some bad ones just recently. Firefox too. I guess IE still get's picked on. You have your fanboys for all the browsers. I just do the updates and don't worry a whole lot about what might happen.
        jscott418-22447200638980614791982928182376
    • RE: Internet Explorer 9 haunted by 'critical' security vulnerabilities

      @Jeremy-UK Not as long as every windows app requires admin rights to install. Hand over the computer keys...
      LarsDennert
    • RE: Internet Explorer 9 haunted by 'critical' security vulnerabilities

      <i>Oh, I thought these days were behind us...</i><br><br>So did I.

      LOL... :D
      ScorpioBlue
      • RE: Internet Explorer 9 haunted by 'critical' security vulnerabilities

        @ScorpioBlue

        Don't you have a loaded handgun you could go clean?
        Hallowed are the Ori
      • RE: Internet Explorer 9 haunted by 'critical' security vulnerabilities

        @Hallowed are the Ori<br><br>Don't you have a toilet you can stick your head in?
        ScorpioBlue
    • RE: Internet Explorer 9 haunted by 'critical' security vulnerabilities

      @Jeremy-UK
      Best browser - Chrome on a Mac...
      prof123
    • RE: Internet Explorer 9 haunted by 'critical' security vulnerabilities

      @Jeremy-UK

      No, Microsoft is still cranking out the code ...
      BrentRBrian
  • RE: Internet Explorer 9 haunted by 'critical' security vulnerabilities

    Ok, the use of "haunted" to describe products which get patched, is getting old. It's a software product, not a haunted house.
    PB_z
    • RE: Internet Explorer 9 haunted by 'critical' security vulnerabilities

      @PB_z

      And "gaping". I'm paranoid about security but these words became hackneyed, as far as Naraine's use, long ago.
      betelgeuse68
    • Obviously all browser have had secuity issues

      @PB_z So I read security briefs and all browsers have had zero day holes. I never heard any of these Firefox or Chrome users talking about going to another browser. Exploits come around every month to at least one popular browser. I never cry the sky is falling over any with Firefox or Chrome. Why should anyone with IE?
      jscott418-22447200638980614791982928182376
  • RE: Internet Explorer 9 haunted by 'critical' security vulnerabilities

    Ryan Narain's articles are haunted by his lazyness and lack of imagination/creativity.
    pupkin_z
  • RE: Internet Explorer 9 haunted by 'critical' security vulnerabilities

    The last ZDNet article I read was Microsoft panning FireFox and chrome security. Maybe next they will criticize Apple for not being openwith their mobile operating system
    kingcobra23
    • RE: Internet Explorer 9 haunted by 'critical' security vulnerabilities

      @kingcobra23

      Oh you mean like all the bugs they patched in the crappy iTunes software? Go look at the list of bugs patched in that POS and then tell me how good Apple is again.
      hopp64
  • RE: Internet Explorer 9 haunted by 'critical' security vulnerabilities

    Call in the ghost busters because these hauntings have been exorcised by patching. Really, patches are out, Microsoft Windows will automatically update for you so you don't have to do anything, and the attacker needs to send the user to a specially crafted website which won't be available for 30 days. This isn't much of an issue anymore.
    LoverockDavidson_-24231404894599612871915491754222
    • Grade for reading comprehension: FAIL

      @LoverockDavidson_

      Please read this <b>very carefully:</b>

      <i>Microsoft is urging all Windows users to treat this with the utmost priority <u>because of the likelihood of reliable exploit code within 30 days.</u></i>

      Now, please tell me how that can be construed to mean <i>"the attacker needs to send the user to a specially crafted website <u>which won't be available for 30 days</u>"</i>

      <b>Go back to school,</b> and take fifth grade over AGAIN!
      fatman65536
  • RE: Internet Explorer 9 haunted by 'critical' security vulnerabilities

    Interesting that the only adjective this writer knows is "gaping."
    PMC-CON