Microsoft warns of new IE data-leakage vulnerability

Summary: Microsoft says the risk is highest for IE users running Windows XP or who have disabled the browser's Protected Mode feature.

Microsoft today issued a security advisory to acknowledge an information disclosure hole in its Internet Explorer browser and warned that an attacker could exploit the flaw to access files with an already known filename and location.

The vulnerability was first discussed at this week's Black Hat DC conference by Jorge Luis Alvarez Medina, a security consultant with Core Security Technologies. Microsoft says the risk is highest for IE users running Windows XP or who have disabled the browser's Protected Mode feature.

Medina's presentation demonstrated how an attacker can read every file on an IE user's filesystem. The attack scenario leveraged different design features of Internet Explorer that can be combined to do serious damage.

Here's more on Medina's talk from DarkReading's Kelly Jackson-Higgins:

[Medina] says popular features in IE, such as URL Security Zones and the browser's file-sharing protocol, can together be abused to execute an attack that results in the attacker being able to read all files on the victim's machine. Medina plans to release proof-of-concept code for the attack next month after Black Hat DC, and after Microsoft issues a security update for the attack, which affects IE versions 6 and above, he says.

"These vulnerabilities are just features ... the implementation of the features allow you to obtain certain information, which by itself is harmless. But when combined together with other features, it renders an attack vector," Medina says. The attack requires the user to click on a malicious link.

According to Microsoft's advisory, IE's Protected Mode prevents exploitation of this vulnerability and is running by default for versions of Internet Explorer on Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008.

The problem does affect every version of the browser but is considered most serious on Windows XP.

The vulnerability exists due to content being forced to render incorrectly from local files in such a way that information can be exposed to malicious websites.

For pre-patch mitigations, see the "workarounds" section of Microsoft's advisory.


Talkback

  • Isn't it fun when every IE vuln gets a headline, but not other browsers'..?

    .
    Qbt
    • Well...

      that comes with 60+% market share.
      LandonAB
      • more like 50%...

        http://w3counter.com/globalstats.php

        1 Internet Explorer 8 23.69%
        2 Firefox 3.5 23.30%
        3 Internet Explorer 7 15.59%
        4 Internet Explorer 6 10.41%
        5 Firefox 3 6.29%

        The IE6 number should drop sharply for 2/2010 stats... hopefully :)
        ~doolittle~
    • 9 times out of 10 zdnet security blog tells me why firefox updated itself

      The next time Firefox restarts itself for an update, head on over here and it's usually on the front page.
      ~doolittle~
      • A difference between "applied a patch for multiple fixes"...

        There is a difference between "applied a patch for multiple fixes" and pointing out every single IE bug. We all know IE gets updated once a month, and similarly you can find multiple ZDNet blogs about it.
        Qbt
        • A difference between fixed vulnerabilities and exploitable vulnerabilities

          is infinitely more important.
          AzuMao
    • But

      The article itself is fair, it does mention protected mode as a mitigating factor and that is on by default on certain windows systems.
      jdbukis@...
    • Good. We need more "Stop using IE!" headlines.

      We spend a [i]despicable[/i] amount of time and money accommodating IE6, because some of our major customers refuse to deal with vendors who do not support it.

      [b]IE6 needs to die![/b]

      And considering that the latest IE6 bug I had to work around is also present in IE7...
      Zogg
    • Fun indeed...

      Especially as you're wrong. zdnet does not splash about IE/Windows vulnerabilities more than any other system. In fact, they tend to rant more about the others than they do Windows/IE stuff.

      That and I'm sure if they are posting about Windows/IE flaws they're just doing it to tick you (in particular) off.
      zkiwi
    • Apple Gets Reamed from Time to Time

      There've been headlines for Safari, particularly with the past Apple mega patches. Also, shortly after the pwn2own stuff, Safari got a lot of attention since it was the weak point in the winning hack.
      WarhavenSC
    • The others do too.

      When they are known for more than a day without being fixed, anyways.

      Oh wait, that rules out like 99% of the vulnerabilities in non-IE browsers. Whoops.
      AzuMao
  • RE: Microsoft warns of new IE data-leakage vulnerability

    [i]The attack requires the user to click on a malicious link.[/i]

    Such a non-story. First you have to social engineer the user to go to click on the link. Since people only go to the same 5 or 6 trusted sites that simply isn't going to happen. The other factor is that now that people are upgrading to Microsoft Windows 7 in the masses, along with no proof of concept code or anything in the wild, this whole thing is just about dead. Move along, nothing to see here.
    Loverock Davidson
    • XP is still rockin' the house

      http://w3counter.com/globalstats.php

      Operating Systems
      1 Windows XP 55.08%
      2 Windows Vista 20.80%
      3 Windows 7 9.11%
      4 Mac OS X 7.87%
      5 Linux 1.63%
      ~doolittle~
      • XP Dominates! Thanks for the link (nt)

        nt
        psquared007
      • Linux @ 1.63%..?!

        Woohoo! That's an increase of almost 80% above the last share statistic I read. *LD is gettin' nervous* LOL
        RickB9
        • RE:Linux @ 1.63%..?!

          Any number for Linux is mostly semi educated guess work. Compelling arguments can be made for numbers ranging from less than 1% to more than 10%. Which one(s) are you going to believe? Why does it matter?
          joe6pack_z
          • Because..

            ..if someone says fewer consumers use Linux, Windows apologists can
            use this as an excuse for Windows' insecurity.
            AzuMao
    • Where do you get

      your "facts"? Particularly, you've never provided any source for your "5 or 6 trusted sites" assertion which you have made numerous times. Feel as free to share your source as you do your assertion.

      Further, by your definition above, can you really hold any vendor responsible for vulnerabilities as they are frequently only a threat if a user is not taking additional precautions. Therefore, it's always the user's fault.
      Viva la crank dodo
      • Apparently porn doesn't exist in his little world. [nt]

        [nt]
        olePigeon
    • Nothing to see indeed.

      If you don't click on any links, you don't see any websites.

      This isn't enough of course. Only a stupid user would forget to
      unplug the Cat5 cable and turn off any 802.xx devices before
      booting up Windows. In which case it is totally their fault when
      they get hacked.
      AzuMao