[2823] in Security FYI
[IS&T Security-FYI] SECURITY ADVISORY: Zero-Day Vulnerability in
daemon@ATHENA.MIT.EDU (Monique Yeaton)
Thu Sep 20 09:41:46 2012
From: Monique Yeaton <myeaton@mit.edu>
To: "ist-security-fyi@mit.edu" <ist-security-fyi@mit.edu>
Date: Thu, 20 Sep 2012 13:39:08 +0000
Message-ID: <CC809486.2E556%myeaton@exchange.mit.edu>
Content-Language: en-US
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="===============1798724390=="
Errors-To: ist-security-fyi-bounces@mit.edu
--===============1798724390==
Content-Language: en-US
Content-Type: multipart/alternative;
boundary="_000_CC8094862E556myeatonexchangemitedu_"
--_000_CC8094862E556myeatonexchangemitedu_
Content-Type: text/plain; charset="Windows-1252"
Content-Transfer-Encoding: quoted-printable
Information Services & Technology (IS&T) would like to make the MIT communi=
ty aware of a security advisory being published by Microsoft concerning the=
Internet Explorer web-browser.
What
Microsoft has announced the discovery of a zero-day exploit found Internet =
Explorer. The exploit allows an attacker to compromise affected machines w=
hen specially crafted web-content is viewed with Internet Explorer. Micros=
oft is actively working on a patch for Internet Explorer; all major antivir=
us and anti-malware programs are currently unable to prevent or detect this=
exploit.
What is a zero-day vulnerability?
A zero-day vulnerability is a previously unknown exploit in a computer appl=
ication, meaning that the attack occurs on =93day zero=94 of awareness of t=
he vulnerability. This means that the developers have had zero days to add=
ress and patch the vulnerability. [Source: Wikipedia]
Who Is Affected
Microsoft Windows XP, Windows Vista, Windows 7, Windows Server 2003 and Win=
dows Server 2008 systems with Internet Explorer versions 6, 7, 8, or 9 inst=
alled. Those using Microsoft Outlook, Outlook Express and Windows Mail are=
also at risk.
Mitigation Instructions
Alternative browsers, including Mozilla Firefox and Google Chrome, are unaf=
fected by this exploit -- these browsers can be used as an Internet Explore=
r alternative until a patch has been released by Microsoft.
Internet Explorer, Microsoft Outlook, Outlook Express and Windows Mail user=
s should be extra vigilant when opening links received via email.
More Information
More information about this specific zero-day exploit can be found on Micro=
soft=92s Security Advisory site:
http://technet.microsoft.com/en-us/security/advisory/2757760
and here:
http://arstechnica.com/security/2012/09/critical-zero-day-bug-in-microsoft-=
internet-explorer/
Next steps
Another notice will be sent when Microsoft has addressed this zero-day vuln=
erability or more information becomes available.
Thanks,
Monique
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
Monique Yeaton
IT Security Communications Consultant
MIT Information Services & Technology (IS&T)
(617) 253-2715
http://ist.mit.edu/security
--_000_CC8094862E556myeatonexchangemitedu_
Content-Type: text/html; charset="Windows-1252"
Content-ID: <40940F0462E32B40BB7160E1232BA0FD@exchange.mit.edu>
Content-Transfer-Encoding: quoted-printable
<html>
<head>
<meta http-equiv=3D"Content-Type" content=3D"text/html; charset=3DWindows-1=
252">
</head>
<body style=3D"word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-lin=
e-break: after-white-space; color: rgb(0, 0, 0); font-size: 14px; font-fami=
ly: Garamond, sans-serif; ">
<div>
<div>
<div><span class=3D"Apple-style-span" style=3D"font-family: Garamond; font-=
size: medium; ">Information Services & Technology (IS&T) would=
like to make the MIT community aware of a security advisory bein=
g published by Microsoft concerning the Internet Explorer web-browser.</spa=
n><span class=3D"Apple-style-span" style=3D"font-family: Garamond; font-siz=
e: medium; "><br>
</span><span class=3D"Apple-style-span" style=3D"font-family: Garamond; fon=
t-size: medium; "> </span><span class=3D"Apple-style-span" style=3D"fo=
nt-family: Garamond; font-size: medium; "><br>
</span><span class=3D"Apple-style-span" style=3D"font-family: Garamond; fon=
t-size: medium; "><b>What</b></span><span class=3D"Apple-style-span" style=
=3D"font-family: Garamond; font-size: medium; "><br>
</span><span class=3D"Apple-style-span" style=3D"font-family: Garamond; fon=
t-size: medium; "> &=
nbsp;</span><span class=3D"Apple-style-span" style=3D"font-family: Garamond=
; font-size: medium; "><br>
</span><span class=3D"Apple-style-span" style=3D"font-family: Garamond; fon=
t-size: medium; ">Microsoft has announced the discovery of a zero-day =
exploit found Internet Explorer. The exploit allows an atta=
cker to compromise affected machines when specially crafted
web-content is viewed with Internet Explorer. Microso=
ft is actively working on a patch for Internet Explorer; all major&nbs=
p;antivirus and anti-malware programs are currently unable to prevent =
or detect this exploit.</span><span class=3D"Apple-style-span" style=3D"fon=
t-family: Garamond; font-size: medium; "><br>
</span><span class=3D"Apple-style-span" style=3D"font-family: Garamond; fon=
t-size: medium; "> </span><span class=3D"Apple-style-span" style=3D"fo=
nt-family: Garamond; font-size: medium; "><br>
</span><span class=3D"Apple-style-span" style=3D"font-family: Garamond; fon=
t-size: medium; "><b>What is a zero-day vulnerability?<br>
</b></span><span class=3D"Apple-style-span" style=3D"font-family: Garamond;=
font-size: medium; "> </span><span class=3D"Apple-style-span" style=
=3D"font-family: Garamond; font-size: medium; "><br>
</span><span class=3D"Apple-style-span" style=3D"font-family: Garamond; fon=
t-size: medium; ">A zero-day vulnerability is a previously u=
nknown exploit in a computer application, meaning that the attack occu=
rs on =93day zero=94 of awareness of the vulnerability. This
means that the developers have had zero days to address and patc=
h the vulnerability. [Source: Wikipedia]</span><span class=3D"Apple-style-s=
pan" style=3D"font-family: Garamond; font-size: medium; "><br>
</span><span class=3D"Apple-style-span" style=3D"font-family: Garamond; fon=
t-size: medium; "> </span><span class=3D"Apple-style-span" style=3D"fo=
nt-family: Garamond; font-size: medium; "><br>
</span><span class=3D"Apple-style-span" style=3D"font-family: Garamond; fon=
t-size: medium; "><b>Who Is Affected<br>
</b></span><span class=3D"Apple-style-span" style=3D"font-family: Garamond;=
font-size: medium; "> &nbs=
p; </span><span class=3D"Apple-style-span" style=3D"font-family: Gara=
mond; font-size: medium; "><br>
</span><span class=3D"Apple-style-span" style=3D"font-family: Garamond; fon=
t-size: medium; ">Microsoft Windows XP, Windows Vista, Windows 7, Wind=
ows Server 2003 and Windows Server 2008 systems with Internet Exp=
lorer versions 6, 7, 8, or 9 installed. Those using
Microsoft Outlook, Outlook Express and Windows Mail are also at =
risk.</span><span class=3D"Apple-style-span" style=3D"font-family: Garamond=
; font-size: medium; "><br>
</span><span class=3D"Apple-style-span" style=3D"font-family: Garamond; fon=
t-size: medium; "> </span><span class=3D"Apple-style-span" style=3D"fo=
nt-family: Garamond; font-size: medium; "><br>
</span><span class=3D"Apple-style-span" style=3D"font-family: Garamond; fon=
t-size: medium; "><b>Mitigation Instructions<br>
</b></span><span class=3D"Apple-style-span" style=3D"font-family: Garamond;=
font-size: medium; "> </span><span class=3D"Apple-style-span" style=
=3D"font-family: Garamond; font-size: medium; "><br>
</span><span class=3D"Apple-style-span" style=3D"font-family: Garamond; fon=
t-size: medium; ">Alternative browsers, including Mozilla Firefox and =
Google Chrome, are unaffected by this exploit -- these browsers can be=
used as an Internet Explorer alternative until
a patch has been released by Microsoft.</span>
<div style=3D"font-family: Garamond; font-size: medium; "><br>
Internet Explorer, Microsoft Outlook, Outlook Express and Windows Mail=
users should be extra vigilant when opening links received via e=
mail.<br>
<br>
<b>More Information<br>
</b> <br>
More information about this specific zero-day exploit can be found on =
Microsoft=92s Security Advisory site:<br>
<br>
<a href=3D"http://technet.microsoft.com/en-us/security/advisory/2757760">ht=
tp://technet.microsoft.com/en-us/security/advisory/2757760</a><br>
<br>
and here:<br>
<br>
<a href=3D"http://arstechnica.com/security/2012/09/critical-zero-day-bug-in=
-microsoft-internet-explorer/">http://arstechnica.com/security/2012/09/crit=
ical-zero-day-bug-in-microsoft-internet-explorer/</a> <br>
<br>
<b>Next steps</b><br>
<br>
Another notice will be sent when Microsoft has addressed this zero-day =
;vulnerability or more information becomes available.</div>
</div>
<div style=3D"font-family: Garamond; font-size: medium; "><br>
</div>
<div style=3D"font-family: Garamond; font-size: medium; "><br>
</div>
<div><span class=3D"Apple-style-span" style=3D"font-family: Helvetica; ">
<div style=3D"word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line=
-break: after-white-space; ">
<span class=3D"Apple-style-span" style=3D"border-collapse: separate; -webki=
t-border-horizontal-spacing: 0px; -webkit-border-vertical-spacing: 0px; col=
or: rgb(0, 0, 0); font-family: Helvetica; font-size: 14px; font-style: norm=
al; font-variant: normal; font-weight: normal; letter-spacing: normal; line=
-height: normal; -webkit-text-decorations-in-effect: none; text-indent: 0px=
; -webkit-text-size-adjust: auto; text-transform: none; orphans: 2; white-s=
pace: normal; widows: 2; word-spacing: 0px; "><span class=3D"Apple-style-sp=
an" style=3D"border-collapse: separate; -webkit-border-horizontal-spacing: =
0px; -webkit-border-vertical-spacing: 0px; color: rgb(0, 0, 0); font-family=
: Helvetica; font-size: 14px; font-style: normal; font-variant: normal; fon=
t-weight: normal; letter-spacing: normal; line-height: normal; -webkit-text=
-decorations-in-effect: none; text-indent: 0px; -webkit-text-size-adjust: a=
uto; text-transform: none; orphans: 2; white-space: normal; widows: 2; word=
-spacing: 0px; "><span class=3D"Apple-style-span" style=3D"border-collapse:=
separate; -webkit-border-horizontal-spacing: 0px; -webkit-border-vertical-=
spacing: 0px; color: rgb(0, 0, 0); font-family: Helvetica; font-size: 14px;=
font-style: normal; font-variant: normal; font-weight: normal; letter-spac=
ing: normal; line-height: normal; -webkit-text-decorations-in-effect: none;=
text-indent: 0px; -webkit-text-size-adjust: auto; text-transform: none; or=
phans: 2; white-space: normal; widows: 2; word-spacing: 0px; "><span class=
=3D"Apple-style-span" style=3D"border-collapse: separate; -webkit-border-ho=
rizontal-spacing: 0px; -webkit-border-vertical-spacing: 0px; color: rgb(0, =
0, 0); font-family: Helvetica; font-size: 14px; font-style: normal; font-va=
riant: normal; font-weight: normal; letter-spacing: normal; line-height: no=
rmal; -webkit-text-decorations-in-effect: none; text-indent: 0px; -webkit-t=
ext-size-adjust: auto; text-transform: none; orphans: 2; white-space: norma=
l; widows: 2; word-spacing: 0px; "><span class=3D"Apple-style-span" style=
=3D"border-collapse: separate; -webkit-border-horizontal-spacing: 0px; -web=
kit-border-vertical-spacing: 0px; color: rgb(0, 0, 0); font-family: Helveti=
ca; font-size: 14px; font-style: normal; font-variant: normal; font-weight:=
normal; letter-spacing: normal; line-height: normal; -webkit-text-decorati=
ons-in-effect: none; text-indent: 0px; -webkit-text-size-adjust: auto; text=
-transform: none; orphans: 2; white-space: normal; widows: 2; word-spacing:=
0px; "><span class=3D"Apple-style-span" style=3D"border-collapse: separate=
; -webkit-border-horizontal-spacing: 0px; -webkit-border-vertical-spacing: =
0px; color: rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; font-sty=
le: normal; font-variant: normal; font-weight: normal; letter-spacing: norm=
al; line-height: normal; -webkit-text-decorations-in-effect: none; text-ind=
ent: 0px; -webkit-text-size-adjust: auto; text-transform: none; orphans: 2;=
white-space: normal; widows: 2; word-spacing: 0px; "><span class=3D"Apple-=
style-span" style=3D"border-collapse: separate; -webkit-border-horizontal-s=
pacing: 0px; -webkit-border-vertical-spacing: 0px; color: rgb(0, 0, 0); fon=
t-family: Helvetica; font-size: 12px; font-style: normal; font-variant: nor=
mal; font-weight: normal; letter-spacing: normal; line-height: normal; -web=
kit-text-decorations-in-effect: none; text-indent: 0px; -webkit-text-size-a=
djust: auto; text-transform: none; orphans: 2; white-space: normal; widows:=
2; word-spacing: 0px; ">
<div style=3D"font-size: 12px; "><font class=3D"Apple-style-span" size=3D"4=
"><span class=3D"Apple-style-span" style=3D"font-size: 14px;"><span class=
=3D"Apple-style-span" style=3D"font-size: 12px; ">Thanks,</span></span></fo=
nt></div>
<div style=3D"font-size: 12px; "><font class=3D"Apple-style-span" size=3D"4=
"><span class=3D"Apple-style-span" style=3D"font-size: 14px;"><span class=
=3D"Apple-style-span" style=3D"font-size: 12px; "><br>
</span></span></font></div>
<div style=3D"font-size: 12px; "><font class=3D"Apple-style-span" size=3D"4=
"><span class=3D"Apple-style-span" style=3D"font-size: 14px;"><span class=
=3D"Apple-style-span" style=3D"font-size: 12px; ">Monique</span></span></fo=
nt></div>
<div style=3D"font-size: 12px; "><br class=3D"khtml-block-placeholder">
</div>
<div style=3D"font-size: 12px; "><span class=3D"Apple-style-span" style=3D"=
font-size: 12px; "><span class=3D"Apple-style-span" style=3D"font-size: 12p=
x; "><span class=3D"Apple-style-span" style=3D"font-size: 12px; "><span cla=
ss=3D"Apple-style-span" style=3D"font-size: 12px; "><span class=3D"Apple-st=
yle-span" style=3D"font-size: 12px; "><span class=3D"Apple-style-span" styl=
e=3D"font-size: 12px; ">=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D</span></span></span></span></span></span></div>
<div style=3D"font-size: 12px; "><span class=3D"Apple-style-span" style=3D"=
font-size: 12px; "><span class=3D"Apple-style-span" style=3D"font-size: 12p=
x; "><span class=3D"Apple-style-span" style=3D"font-size: 12px; "><span cla=
ss=3D"Apple-style-span" style=3D"font-size: 12px; "><span class=3D"Apple-st=
yle-span" style=3D"font-size: 12px; "><span class=3D"Apple-style-span" styl=
e=3D"font-size: 12px; ">Monique
Yeaton</span></span></span></span></span></span></div>
<div style=3D"font-size: 12px; "><span class=3D"Apple-style-span" style=3D"=
font-size: 12px; "><span class=3D"Apple-style-span" style=3D"font-size: 12p=
x; "><span class=3D"Apple-style-span" style=3D"font-size: 12px; "><span cla=
ss=3D"Apple-style-span" style=3D"font-size: 12px; "><span class=3D"Apple-st=
yle-span" style=3D"font-size: 12px; "><span class=3D"Apple-style-span" styl=
e=3D"font-size: 12px; ">IT
Security Communications Consultant</span></span></span></span></span></spa=
n></div>
<div style=3D"font-size: 12px; "><span class=3D"Apple-style-span" style=3D"=
font-size: 12px; "><span class=3D"Apple-style-span" style=3D"font-size: 12p=
x; "><span class=3D"Apple-style-span" style=3D"font-size: 12px; "><span cla=
ss=3D"Apple-style-span" style=3D"font-size: 12px; "><span class=3D"Apple-st=
yle-span" style=3D"font-size: 12px; "><span class=3D"Apple-style-span" styl=
e=3D"font-size: 12px; ">MIT
Information Services & Technology (IS&T)</span></span></span></spa=
n></span></span></div>
<div style=3D"font-size: 12px; "><span class=3D"Apple-style-span" style=3D"=
font-size: 12px; "><span class=3D"Apple-style-span" style=3D"font-size: 12p=
x; "><span class=3D"Apple-style-span" style=3D"font-size: 12px; "><span cla=
ss=3D"Apple-style-span" style=3D"font-size: 12px; "><span class=3D"Apple-st=
yle-span" style=3D"font-size: 12px; "><span class=3D"Apple-style-span" styl=
e=3D"font-size: 12px; ">(617)
253-2715</span></span></span></span></span></span></div>
<div style=3D"font-size: 12px; "><span class=3D"Apple-style-span" style=3D"=
font-size: 12px; "><span class=3D"Apple-style-span" style=3D"font-size: 12p=
x; "><span class=3D"Apple-style-span" style=3D"font-size: 12px; "><span cla=
ss=3D"Apple-style-span" style=3D"font-size: 12px; "><span class=3D"Apple-st=
yle-span" style=3D"font-size: 12px; "><span class=3D"Apple-style-span" styl=
e=3D"font-size: 12px; ">http://ist.mit.edu/security</span></span></span></s=
pan></span></span></div>
<div style=3D"font-size: 12px; "><br class=3D"khtml-block-placeholder">
</div>
<br class=3D"Apple-interchange-newline">
</span></span></span></span></span></span></span></div>
</span></div>
</div>
</div>
</body>
</html>
--_000_CC8094862E556myeatonexchangemitedu_--
--===============1798724390==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
_______________________________________________
ist-security-fyi mailing list
ist-security-fyi@mit.edu
To Unsubscribe http://mailman.mit.edu/mailman/listinfo/ist-security-fyi
--===============1798724390==--
