===========================================================================
                   AUSCERT Security Bulletin ASB-2012.0128.2
  An unpatched vulnerability has been identified in Internet Explorer 7, 8 and 9
                              19 September 2012
===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:              Internet Explorer 7
                      Internet Explorer 8
                      Internet Explorer 9
Operating System:     Windows
Impact/Access:        Execute Arbitrary Code/Commands -- Remote with User Interaction
Resolution:           Mitigation
CVE Names:            CVE-2012-4969
Member content until: Thursday, October 18 2012

Comment: AusCERT has received reports that this vulnerability is currently
         being exploited in the wild.

Revision History:     September 19 2012: Added CVE reference number
                      September 18 2012: Initial Release

OVERVIEW

        A serious vulnerability has been identified in Internet Explorer
        versions 7, 8 and 9. While Microsoft has yet to publish an update to
        correct this issue, it appears that proof of concept code exists for
        this vulnerability and there are reports of it being actively
        exploited in the wild. [1, 2]

IMPACT

        This vulnerability could allow for code execution within the context
        of the Internet Explorer user if a user browses to a malicious
        website. [3]

MITIGATION

        At the time of publication of this bulletin, Microsoft has yet to
        release a patch to correct this issue. It is advised that
        administrators consider mitigating this risk via a number of methods:

        * A pre-defined list of "business related Internet sites" can be used
          to reduce the surface exposure of Internet Explorer. If the list of
          business-critical URLs has been pre-defined in an organisation's
          content filter, it is possible to allow users to continue using
          internal / intranet sites, and only expose Internet Explorer to
          trusted Internet sites. Note that compromises can occur through
          advertisement panels even from trusted sites; however, using a
          business related sites list mitigates this threat to a large degree.

        * Where possible, administrators should consider using an alternative
          web browser until this vulnerability has been patched.

        In light of this unpatched vulnerability, it is a good opportunity for
        a timely reminder on the importance of having an adequate incident
        response plan. For example, how can your organisation reduce the
        effects should a vulnerability be used against you? Are users educated
        on safe browsing practices, and are you able to recover servers in a
        timely fashion, as well as apply other strategies that can reduce the
        impact of a successful attack? This is not an exhaustive list;
        however, the key message is not just to try and block an attack, but
        to be prepared to reduce the impact should an attack be successful.

REFERENCES

        [1] Exploit Released for Zero-Day in Internet Explorer
            http://krebsonsecurity.com/2012/09/exploit-released-for-zero-day-in-internet-explorer/

        [2] IE Zero Day is "For Real"
            https://isc.sans.edu/diary/IE+Zero+Day+is+For+Real+/14107

        [3] IE execCommand fuction Use after free Vulnerability 0day en
            http://blog.vulnhunt.com/index.php/2012/09/17/ie-execcommand-fuction-use-after-free-vulnerability-0day_en/

AusCERT has made every effort to ensure that the information contained in
this document is accurate. However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.
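The following is an added illustration, not part of the AusCERT bulletin, of the "business related Internet sites" mitigation described above: a content-filter decision function that allows intranet hosts and an allowlist of business sites and denies everything else, so that third-party advertisement frames embedded in a trusted page are judged on their own host. All hostnames and address ranges in it are constructed for the example.

```python
"""Added example (not from the bulletin): a minimal URL allowlist decision of the
kind a content filter applies to limit Internet Explorer's exposure to untrusted
sites while a browser vulnerability remains unpatched."""
import ipaddress
from urllib.parse import urlsplit

# Constructed list of "business related Internet sites" (hypothetical names).
BUSINESS_SITES = {"intranet.example.com", "payroll-provider.example.net"}
# Constructed internal DNS suffix and the RFC 1918 private ranges treated as intranet.
INTRANET_SUFFIXES = (".corp.example",)
PRIVATE_NETS = [ipaddress.ip_network(n)
                for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def _is_intranet(host: str) -> bool:
    """Private IP literal, internal suffix, or a single-label (unqualified) name."""
    try:
        return any(ipaddress.ip_address(host) in net for net in PRIVATE_NETS)
    except ValueError:
        return host.endswith(INTRANET_SUFFIXES) or "." not in host


def _matches_allowlist(host: str) -> bool:
    """Exact match or a subdomain of an allowlisted site. No substring matching,
    so a lookalike such as intranet.example.com.evil.test does not pass."""
    return any(host == s or host.endswith("." + s) for s in BUSINESS_SITES)


def decide(url: str) -> str:
    """Return 'allow' or 'deny' for one request URL.

    Every request is judged on its own host, including subresources such as
    advertisement frames loaded by an allowlisted page. That per-request check
    is what limits the ad-panel risk the bulletin notes; it does not remove it,
    since an allowlisted site may itself serve third-party content."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    if parts.scheme not in ("http", "https") or not host:
        return "deny"
    if _is_intranet(host) or _matches_allowlist(host):
        return "allow"
    return "deny"
```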
===========================================================================
        Australian Computer Emergency Response Team
        The University of Queensland
        Brisbane
        Qld 4072

        Internet Email: auscert@auscert.org.au
        Facsimile:      (07) 3365 7031
        Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                        AusCERT personnel answer during Queensland business
                        hours which are GMT+10:00 (AEST).
                        On call after hours for member emergencies only.
===========================================================================