[1368] in Security FYI
[IS&T Security-FYI] Zero-day exploit for IE 7
daemon@ATHENA.MIT.EDU (Monique Yeaton)
Wed Dec 10 13:10:25 2008
Message-Id: <A68AF020-D54C-4AAF-845D-3941440B4625@mit.edu>
From: Monique Yeaton <myeaton@MIT.EDU>
To: ist-security-fyi@MIT.EDU, itpartners@MIT.EDU, computing-help@MIT.EDU
Date: Wed, 10 Dec 2008 13:04:59 -0500

This zero-day threat for Internet Explorer 7 was brought to my attention today by colleague Mike Halsall. (A zero-day attack or threat is a computer threat that tries to exploit unknown, undisclosed or patch-free computer application vulnerabilities.):

A critical flaw in Microsoft Internet Explorer 7 has been discovered and is being actively exploited on the Internet. Yesterday's patch release by Microsoft did not include fixes for this vulnerability, so it may become more prevalent until a patch is released.

In order for the attack to work, a user would be coerced to visit a site hosting malicious JavaScript that exploits the flaw, at which point a malicious program, compromising the computer, is downloaded and run.

This exploit only works on computers running Windows XP or 2003 that are running IE 7, and not Windows Vista. Best practices apply in order to avoid being compromised: don't click on links in emails from untrusted sources and steer clear of untrusted web sites.

A good analysis of the exploit can be found here:
http://www.breakingpointsystems.com/community/blog/patch-tuesdays-and-drive-by-sundays

-Monique
=========================
Monique Yeaton
IT Security Awareness Consultant
MIT Information Services & Technology (IS&T)
(617) 253-2715
http://web.mit.edu/ist/security