
Zero Day

Ryan Naraine and Dancho Danchev

Microsoft readies emergency IE patch to counter public exploits

January 19, 2010, 5:26am PST

Summary: The out-of-band update will be released once the company is satisfied that it has been properly tested against all affected versions of Windows.

UPDATE: Here is the official confirmation from Microsoft that an out-of-band patch is coming.  No official date yet.

Microsoft has started dropping broad hints that an emergency patch for Internet Explorer will be released very soon to counter targeted attacks and the publication of exploit code for a “browse and you’re owned” vulnerability in its flagship Web browser.

The out-of-band update will be released once the company is satisfied that it has been properly tested against all affected versions of Windows.  This could happen as early as this weekend.

[ SEE: Microsoft says Google was hacked with IE zero-day ]

The decision to ship the IE patch outside of Microsoft’s scheduled Patch Tuesday releases follows the release of exploit code into the Metasploit attack tool.

The Metasploit code only works against Internet Explorer 6 but there are claims in the security research community that the vulnerability has been successfully exploited on IE7 (Windows Vista) as well as IE6 and on Windows XP.

The vulnerability was discovered during zero-day attacks against several big-name U.S. companies, including Google, Adobe and Juniper Networks.  During those attacks, data-stealing malware exploited the flaw against systems running IE6 on Windows XP.

[ SEE: Adobe confirms 'sophisticated, coordinated' breach ]

Microsoft says the ongoing attacks remain “targeted to a very limited number of corporations” and are only effective against Internet Explorer 6.  However, with the exploit code now in Metasploit, malware purveyors could begin tinkering with exploits geared to newer versions of the browser.

Now, Microsoft is imploring its customers to upgrade immediately to IE 8.  A special guidance page has been published to offer information on how to mitigate this vulnerability and avoid attacks.

Microsoft’s Security Research & Defense team has created and released a one-click “Fix It” tool to allow users to enable DEP (Data Execution Prevention) on older versions of the browser.  DEP, a crucial anti-exploit mitigation, is enabled by default on IE8 only.

Here is a video showing the Metasploit exploit in action.

* Video from Praetorian Prefect.


Disclosure

Ryan Naraine

The most important disclosure is of my employment with Kaspersky Lab as a security evangelist. Kaspersky Lab is a global company specializing in anti-malware and secure content management technologies. I do not own stocks or other investments in any technology company.

Biography

Ryan Naraine

Ryan Naraine is a journalist and social media enthusiast specializing in Internet and computer security issues. He is currently security evangelist at Kaspersky Lab, an anti-malware company with operations around the globe. He is taking a leadership role in developing the company's online community initiative around secure content management technologies.

Prior to joining Kaspersky Lab, Ryan was Editor-at-Large/Security at eWEEK, leading the magazine's and Web site's coverage of Internet and computer security issues and managing the popular SecurityWatch blog, covering the daily threats, vulnerabilities and IT security technologies. He also covered IT security, hacker attacks and secure content management topics for Jupiter Media's internetnetnews.com.

Ryan can be reached at naraine SHIFT 2 gmail.com. For daily updates on Ryan's activities, follow him on Twitter.

Talkback Most Recent of 175 Talkback(s)

  • Where's patch for Office 2007
    When is MS going to release a patch for Office 2007 that contains pirated (stolen) software? It has been convicted twice in US courts for pirating software for iCi (Canada) and forced to remove copies of Office 2007 from retailers' shelves.

    And pay nearly $400 000 000 in damages. Of course like any deep pocketed offender it appeals (lost most recent) and is fighting all the way to Supreme Court.

    iCi had a product that it was selling (to Department of Defense for one) and collecting fees for maintenance contracts.

    This was until MS brought out their version of Office and suddenly iCi's business disappeared. Took years to get courts to force MS to open up their code for Office. Suddenly it was obvious stolen code embedded in Office. MS was caught.
    Where's the patch??
    wmroc
    19th Jan 2010
  • Are you for real???
    Do a little Binging and you will find your answer, or can you read?
    CrashPad
    19th Jan 2010
  • I've done my homework, but clearly you have not
    All web browsers have security issues, but IE8 is the most secure.

    "There is a critical JavaScript vulnerability in the Firefox 3.5 Web browser, Mozilla has warned."
    http://news.cnet.com/8301-1009_3-10287172-83.html

    "For the second time in two weeks, Google has shipped a new version of its Chrome browser to fix a pair of serious security vulnerabilities."
    http://blogs.zdnet.com/security/?p=3324

    There are numerous other examples, of course, for those who care to check the facts.
    Tim Acheson
    20th Jan 2010
  • There's a difference though...
    Mozilla and Google are patching these
    vulnerabilities BEFORE they're being exploited.

    Mozilla Firefox 3.5.x (the one you mentioned)
    has 0 unpatched vulnerabilities.
    http://secunia.com/advisories/product/25800/
    Mozilla Firefox 3.0.x has 0 unpatched
    vulnerabilities.
    http://secunia.com/advisories/product/19089/
    Google Chrome 3.x has 0 unpatched
    vulnerabilities
    http://secunia.com/advisories/product/25720/

    Amongst the older versions of both browsers, I
    found a total of 6 unpatched vulnerabilities--
    the highest rated is "Less Critical".

    Compare this to Microsoft:
    Internet Explorer 8.x 4 unpatched
    vulnerabilities
    http://secunia.com/advisories/product/21625/
    Internet Explorer 7.x 11 unpatched
    vulnerabilities
    http://secunia.com/advisories/product/12366/
    In both of those, the highest rating is
    "Extremely Critical."

    So yes they are all vulnerable. But, Mozilla
    and Google FIX THEIR VULNERABILITIES in a
    fairly rapid time. The only time Microsoft
    fixes them is if they become highly publicized
    because of an attack.

    Google and Mozilla: Security issue == fix.
    Microsoft. Bad Publicity == fix.

    Have a great day:)
    Patrick.
    pdickey043@...
    20th Jan 2010
  • Never heard of this one..........
    Of course I did hear about i4i suing Microsoft over an XML-related patent, where Microsoft has to pay $296 million dollars to them... AND remove the infringing content from any product placed on shelves after January 4, 2010 (may be a different date in January, 2010).

    Oh and I did hear that Microsoft has an update up on their site that removes the infringing content from your already purchased copies (even though they are not required to).

    As the other poster mentioned, BING or GOOGLE is your friend wink

    Since I know you're a busy troll, here's the link to the information on Microsoft's site http://support.microsoft.com/default.aspx?scid=kb;en-us;978951&sd=rss&spid=11377

    Have a great day:)
    Patrick.
    pdickey043@...
    19th Jan 2010
  • Irrelevant.
    That's just impertinent anti-MS rhetoric. It's not relevant to the security issue being discussed.

    But for the record, yes there is an update removing that functionality, and has been for some time, so clearly you know nothing about the case you're trying to discuss.

    Of course, this is typical of anti-MS comments posted online: missing basic facts and frequently off-topic.
    Tim Acheson
    20th Jan 2010
  • LOOK EVERYONE!!! HE MENTIONS ME!!*@*!!
    It's great to be me! happy I get asked for by name. My popularity is growing not just on ZDNet but on other websites as well. I loveROCK!
    Loverock Davidson
    19th Jan 2010
  • Don't be jealous
    It's not my fault I'm that good and popular.
    Loverock Davidson
    19th Jan 2010
  • Ahhh, Damn!
    I come here for the humor!
    aussiedawg
    19th Jan 2010
  • Popular only for your idiocy. And good only at trolling.
    But hey, if that brings you joy in life, more
    power to you.
    AzuMao
    19th Jan 2010
  • Feel unpopular?
    Daddy luuuuuuuvs yooooooooo.

    Feel better now?
    Lester Young
    19th Jan 2010