Internet Explorer 8 Zero-Day,Microsoft Security Advisory (2847140)

By bluecollarpc. Last updated: Monday, May 6, 2013
 

Microsoft Security Advisory (2847140)
Vulnerability in Internet Explorer Could Allow Remote Code Execution

Published: Friday, May 03, 2013

http://technet.microsoft.com/en-us/security/advisory/2847140

Version: 1.0

Microsoft is investigating public reports of a vulnerability in Internet Explorer 8. Microsoft is aware of attacks that attempt to exploit this vulnerability.

Internet Explorer 6, Internet Explorer 7, Internet Explorer 9, and Internet Explorer 10 are not affected by the vulnerability.

This is a remote code execution vulnerability. The vulnerability exists in the way that Internet Explorer accesses an object in memory that has been deleted or has not been properly ……

[[[ Basically you can upgrade to version 9, or, if you want to keep version 8, open Internet Options (Tools menu in the browser, or in Control Panel; click Classic View to see it), click the Security tab, and move the slider on the left all the way up to High, which stops all kinds of scripts at web pages, ActiveX, embedded autorun media players and so on. Keep quality antimalware installed and up to date as the only remaining protection then (real-time protection heuristics, sometimes called HIPS, etc.). You can always go back to version 8 after an emergency out-of-cycle patch/fix is issued by Microsoft through Windows Updates, and then apply it.
gerald philly pa usa ]]]

PRESS:

New Internet Explorer 8 Zero-Day Used in Watering Hole Attack …
www.symantec.com/…/new-internet-explorer-8-zero-day-used-watering-hole-attack
6 hours ago … Symantec helps consumers and organizations secure and manage their
information-driven world. Our software and services protect against …
http://www.symantec.com/connect/blogs/new-internet-explorer-8-zero-day-used-watering-hole-attack

Microsoft admits zero-day bug in IE8, pledges patch – Computerworld
www.computerworld.com/…/Microsoft_admits_zero_day_bug_in_IE8_pledges_patch
18 hours ago … Computerworld – Microsoft late Friday confirmed that a “zero-day,” or unpatched,
vulnerability exists in Internet Explorer 8 (IE8), the company’s …
http://www.computerworld.com/s/article/9238922/Microsoft_admits_zero_day_bug_in_IE8_pledges_patch

Zero-Day Exploit Enabled Cyber-Attack on U.S. Labor Department – eWeek
In the latest incident of nation-state cyber-attacks, attackers slipped malware onto the agency’s site, apparently aiming to compromise nuclear-energy officials from the Department of Energy. Hackers compromised the U.S. Department of Labor’s Web site …
http://www.eweek.com/security/zero-day-exploit-enabled-cyber-attack-on-us-labor-department/

Internet Explorer zero-day exploit targets nuclear weapons researchers
Ars Technica
Attackers exploited a previously unknown and currently unpatched
security bug in Microsoft’s Internet Explorer browser to surreptitiously
install malware on the computers of federal government workers involved
in nuclear weapons research, researchers …
http://arstechnica.com/security/2013/05/internet-explorer-zero-day-exploit-targets-nuclear-weapons-researchers/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+arstechnica%2Findex+



Microsoft has issued an emergency security patch (Flame malware)

Microsoft has issued an emergency security patch (Flame malware) (FIX LINK!)
DOWNLOAD FIX: (OR at RUN Windows Updates)
Microsoft Knowledge Base Article 2718704
http://support.microsoft.com/kb/2718704

Fw: US-CERT Current Activity – Unauthorized Microsoft Digital Certificates
http://tech.groups.yahoo.com/group/BlueCollarPCSecurity/message/1777
This document can also be found at
http://www.us-cert.gov/current/#microsoft_unauthorized_digital_certificates
INFECTED?
Flamer removal tool from Bitdefender
Help Net Security
“It goes places where other spyware doesn’t go, retrieves information others don’t retrieve, and ensures the infected computer has no privacy whatsoever,” said Catalin Cosoi, Bitdefender’s Chief Security Researcher. “Luckily, the Bitdefender removal tool …
http://www.net-security.org/malware_news.php?id=2128

——–
Microsoft Security Advisory (2718704)
Unauthorized Digital Certificates Could Allow Spoofing
http://technet.microsoft.com/en-us/security/advisory/2718704
Published: Sunday, June 03, 2012
Version: 1.0
Affected Software and Devices
This advisory discusses the following affected software and devices.
Operating System
Windows XP Service Pack 3
Windows XP Professional x64 Edition Service Pack 2
Windows Server 2003 Service Pack 2
Windows Server 2003 x64 Edition Service Pack 2
Windows Server 2003 with SP2 for Itanium-based Systems
Windows Vista Service Pack 2
Windows Vista x64 Edition Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for Itanium-based Systems Service Pack 2
Windows 7 for 32-bit Systems
Windows 7 for 32-bit Systems Service Pack 1
Windows 7 for x64-based Systems
Windows 7 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for Itanium-based Systems
Windows Server 2008 R2 for Itanium-based Systems Service Pack 1
Server Core installation option
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Windows Server 2008 R2 for x64-based Systems (Server Core installation)
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Affected Devices
Windows Mobile 6.x
Windows Phone 7
Windows Phone 7.5
———-

WARNING!
Flame malware hijacks Windows Update to spread from PC to PC
Ars Technica
The Flame espionage malware targeting Iranian computers contains code that can completely hijack the Windows update mechanism that Microsoft uses to distribute security patches to hundreds of millions of its users, security researchers said Monday….
http://arstechnica.com/security/2012/06/flame-malware-hijacks-windows-update-to-propogate/

Homeland Security warns businesses about new cyber weapon
Examiner.com
Webroot said they first encountered a sample of Flame malware in December 2007. Researchers believe Duqu may have been created in August 2007. The first variant of Stuxnet did not appear on computers until June 2009. Cyber security experts at Kaspersky …
http://www.examiner.com/article/homeland-security-warns-businesses-about-new-cyber-weapon

Microsoft certificate used to sign Flame malware, issues warning
http://www.zdnet.com/blog/btl/microsoft-certificate-used-to-sign-flame-malware-issues-warning/78980
=========
Cover Story: Cyber spy program Flame compromises Microsoft security system
http://news.yahoo.com/cyber-spy-program-flame-compromises-key-microsoft-security-170651458–abc-news-topstories.html
Microsoft certification authority signing certificates added to the Untrusted Certificate Store
3 Jun 2012 5:55 PM
IN FULL:
http://blogs.technet.com/b/srd/archive/2012/06/03/microsoft-certification-authority-signing-certificates-added-to-the-untrusted-certificate-store.aspx
“Today, we released Security Advisory 2718704, notifying customers that unauthorized digital certificates have been found that chain up to a Microsoft sub-certification authority issued under the Microsoft Root Authority. With this blog post, we’d like to dig into more technical aspects of this situation, potential risks to your enterprise, and actions you can take to protect yourself against any potential attacks that would leverage unauthorized certificates signed by Microsoft.

We’d also like to share how this issue relates to a complex piece of targeted malware known as “Flame”. As many reports assert, Flame has been used in highly sophisticated and targeted attacks and, as a result, the vast majority of customers are not at risk. Additionally, most antivirus products will detect and remove this malware. That said, our investigation has discovered some techniques used by this malware that could also be leveraged by less sophisticated attackers to launch more widespread attacks. Therefore, to help protect both targeted customers and those that may be at risk in the future, we are sharing our discoveries and taking steps to mitigate the risk to customers….. ”
IN FULL
http://blogs.technet.com/b/srd/archive/2012/06/03/microsoft-certification-authority-signing-certificates-added-to-the-untrusted-certificate-store.aspx
RELATED LINK
Security Advisory 2718704,
http://technet.microsoft.com/en-us/security/advisory/2718704
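An added PowerShell audit, not taken from either advisory or from this blog, that checks the two mitigations discussed on this page from the administrator's side: for advisory 2847140, whether the installed Internet Explorer is version 8 and whether the Internet zone slider is at High (the workaround in the bracketed note above); for advisory 2718704, whether KB2718704 is installed and whether Microsoft-named certificates now sit in the Untrusted (Disallowed) store. The registry paths, the zone-level values and the subject-name match are assumptions based on standard Windows 7-era settings; the page itself does not list the certificate names.

```powershell
# Added example, not part of the advisories or this blog post. Read-only audit:
# nothing here changes settings. Registry locations and zone values are assumed
# to be the standard Internet Explorer ones on Windows 7-era systems (PS 2.0+).

function Get-IEVersion {
    # Assumption: 'svcVersion' holds the real version on IE 10+, 'Version' on IE 9 and older.
    $p = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Internet Explorer' -ErrorAction Stop
    if ($p.svcVersion) { return [version]$p.svcVersion }
    return [version]$p.Version
}

function Get-InternetZoneLevel {
    # Zone 3 is the Internet zone; CurrentLevel is what the Security tab slider writes.
    $key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'
    $level = (Get-ItemProperty -Path $key -Name CurrentLevel -ErrorAction Stop).CurrentLevel
    switch ([int]$level) {
        0x10000 { 'Low' }
        0x10500 { 'Medium-Low' }
        0x11000 { 'Medium' }
        0x11500 { 'Medium-High' }
        0x12000 { 'High' }
        default { 'Custom (0x{0:X})' -f $level }
    }
}

function Test-Advisory2847140 {
    # Only IE 8 is affected; the blog's workaround is the Internet zone set to High.
    $ver      = Get-IEVersion
    $zone     = Get-InternetZoneLevel
    $affected = ($ver.Major -eq 8)
    New-Object -TypeName PSObject -Property @{
        Advisory          = '2847140'
        IEVersion         = $ver.ToString()
        Affected          = $affected
        InternetZone      = $zone
        MitigationInPlace = (-not $affected) -or ($zone -eq 'High')
    }
}

function Test-Advisory2718704 {
    # KB2718704 moves the unauthorized Microsoft sub-CA certificates into the
    # Untrusted (Disallowed) store. Matching on 'Microsoft' in the subject is an
    # assumption: the page does not give the exact certificate names.
    $kb = Get-HotFix -Id 'KB2718704' -ErrorAction SilentlyContinue
    $untrusted = @(Get-ChildItem -Path 'Cert:\LocalMachine\Disallowed' |
        Where-Object { $_.Subject -like '*Microsoft*' } |
        ForEach-Object { $_.Subject })
    New-Object -TypeName PSObject -Property @{
        Advisory                = '2718704'
        KB2718704Installed      = [bool]$kb
        UntrustedMicrosoftCerts = $untrusted.Count
        Subjects                = ($untrusted -join '; ')
    }
}

Test-Advisory2847140 | Format-List
Test-Advisory2718704 | Format-List
```

Run it in the user's own session, since the zone level is read from HKCU; a result of Affected = True with InternetZone other than High means neither the upgrade nor the slider workaround is in place.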

=========

Microsoft certificate used to sign Flame malware, issues warning
ZDNet (blog)
By Zack Whittaker | June 4, 2012, 6:04am PDT
Summary: Microsoft has issued a security advisory warning and a high-priority update after parts of the Flame malware were signed with Microsoft-issued certificates. Microsoft has issued an emergency …
http://www.zdnet.com/blog/btl/microsoft-certificate-used-to-sign-flame-malware-issues-warning/78980

=========

OLDER

Term of the Day: Flame Virus
http://tech.groups.yahoo.com/group/BlueCollarPCSecurity/message/1743

Flame Malware: All You Need to Know
Network World
Because of this, it is an extremely difficult piece of malware to analyze. The reason why Flame is so big is because it includes many different libraries, such as for compression (zlib, libbz2, ppmd) and database manipulation (sqlite3), together with a …
http://www.networkworld.com/news/2012/053012-flame-malware-all-you-need-259713.html?hpg1=bn

FAQ: Flame, the “super spy”
The H
By Jürgen Schmidt
The spyware worm Flame is being billed as a “deadly cyber weapon”, but a calmer analysis reveals it to be a tool by professionals for professionals that doesn’t actually have that many new features compared to, say, the widespread …
http://www.h-online.com/security/features/FAQ-Flame-the-super-spy-1587063.html

Flame: Trying to Unravel the Mystery of ‘Sophisticated’ Spying Malware
PBS
Reportedly capable of taking computer screenshots, logging keystrokes and even listening in on office conversations, malware known as “Flame” is grabbing international attention after appearances in Iran and elsewhere in the Middle East….
http://www.pbs.org/newshour/bb/science/jan-june12/theflame_05-30.html

New malware Flame said to be “the most complex threat ever discovered”
allvoices
By arkar
If reports are to be believed, a malware identified as Flame has, for the past two years, been collecting private data from such countries as Iran and Israel and is being described as “one of the most complex threats ever discovered…..
http://www.allvoices.com/contributed-news/12267165-new-malware-flame-detected-said-to-be-the-most-complex-threat-ever-discovered

Flame ‘first Windows-based malware ever observed to use Bluetooth’
CSO (blog)
Despite all the hype I’ve complained about these last few days regarding Flame, there is some interesting research from the vendor community worth noting here,
including the malware’s affinity for Bluetooth. Symantec sent me the details in an email …
http://blogs.csoonline.com/malwarecybercrime/2203/flame-first-windows-based-malware-ever-observed-use-bluetooth

Don’t Get Burned By ‘Flame’ Malware Attack
PCWorld
Weighing in at 20 megabytes, and somewhere around 750000 lines of code, Flame is much closer to a commercial application like Microsoft Word, or Intuit’s Quicken than it is to the vast majority of malware attacks out there. The question is should you …
http://www.pcworld.com/article/256499/dont_get_burned_by_flame_malware_attack.html

UPDATE EDIT…..

Flame malware made to self-destruct after discovery —Symantec
GMA News
Shortly after it was discovered and made public, the “Flame” (or “Flamer”) malware, which security vendors have described as a potent super cyber-weapon, received a command from its creator to self-destruct. According to security vendor Symantec, …
http://www.gmanetwork.com/news/story/261076/scitech/technology/flame-malware-made-to-self-destruct-after-discovery-mdash-symantec
 
Flame authors order infected computers to remove all traces of the malware
Computerworld
By Lucian Constantin IDG News Service – The creators of the Flame cyber-espionage threat ordered infected computers still under their control to download and execute a component designed to remove all traces of the malware and prevent forensic analysis …
http://www.computerworld.com/s/article/9227876/Flame_authors_order_infected_computers_to_remove_all_traces_of_the_malware
 
Flame gets suicide command
Register
By Richard Chirgwin 
The controllers of the Flame malware have apparently reacted to the publicity surrounding the attack by sending a self-destruct command. According to Symantec, some command-and-control machines have sent …
http://www.theregister.co.uk/2012/06/07/flame_suicide_command/
 

User Question: Should I disable updates then update programs when necessary?

Hey all…. I go by the handle of “antibotnet @ yahoo.com” at Yahoo Answers > Security. Here is a new question I am blogging, as the answer contents are pretty standard, even as a “form answer” for this type of standard question you meet over and over again, each slightly different:

 

Should I disable updates then update programs when necessary?
“I’m a rookie network administrator. I sysprep my machines twice a year on a schedule. I’m thinking this time I should lock down the usual but also disable all updates from all software and Windows 7. When an update comes along that is worthy I can then update the machines individually. Last time I used GPO it uninstalled all the programs instead of installing them. Very odd. I’ve heard it is ‘unsafe’ to not always update your OS but I’m thinking almost everything we’re using is web-based. What do you all think?
Note: I will always let AVG update.”
FULL:
http://answers.yahoo.com/question/index;_ylt=AnyXcm_aRycJOo1WdNm9.Ksw5XNG;_ylv=3?qid=20120328130039AAzYR2o

This is very specific to your network usage in security and allowances. Anywhere from a Home Network all the way up to Home/Small Business (and anything in between) is indicated, and you were not specific. Generally, I don’t know anyone that would give away this type of consultation for free, as generally IT Security et al freelancing can start with a preliminary environment evaluation at a price (which is what I do), adding an hourly flat fee starting at $150.00 and then a contract price for specific services rendered — which is apparently what you are seeming to ask for free: a Preliminary Environment Evaluation, or onsite impression of the existing set up.

TIP: Basically as far as computer security, the general recommendations are all things up to date all the time. Security Updates are not eye candy. They are for specific necessary defense which left undone can cause a liability for you personally according to whatever the network usage is. SEE the infamous JiffyLube case whereby they were held responsible. That should put you in the right frame of mind and away from bad disingenuous advice.

TIP: Windows Updates have historically not been found at fault at all when, after they were applied, some programs/software turned out to be “broken”. This has historically been the software creator(s)’ fault – NOT Microsoft Windows Updates. That is one example of less than acceptable IT people that ignorantly and chronically blame Microsoft for all the “woes” that are, in reality, virtually always self made or the fault of lax third party software.

TIP: Security wise – ALL software is to be up to date ALL the time with vendor updates. Secunia PSI is excellent. Installed software is a “SOFT TARGET” for cyber criminal crimeware now to gain entry into the system or network.

Have Hardware Firewalls been activated additionally – and as well in modems ?

NOTICE: Security Updates via Windows Updates are ONLY sent out each Second Tuesday of the month (if any, usually are) which has been dubbed “Patch Tuesday”. If there is an Emergency Patch such as for a new “zero day threat” – these are issued as soon as ready – immediately – as an “OUT OF CYCLE PATCH” as an emergency patch.

IMPORTANT: It is difficult to determine what your “twice yearly” updating mentioned means, as you did not give specifics. Try to be very particular and clear about items with detail. If you meant Windows Updates – well, as you can see, and as you mentioned, you are definitely a “rookie network administrator” as you say, and the PCs in the network are most likely in severe need of upgrading immediately.
If you meant OS (operating system) Upgrades twice yearly – that does not make sense, as these Upgrades have been the releases of XP, Vista, Windows 7 and then 8, as an example, and years apart, not occurring “twice yearly”.

ADVICE: Considering cyber events such as corporate “Blended Threats”, CEO-type Phishing targeting, and bots, I would re-evaluate your “security solution” mentioned as bi-yearly patching and AVG Business. There are a good handful of products well above it in quality and documented defense, such as Trend Micro for one. You can be polite to a mutt – but will it defend you as completely as a well trained thoroughbred? Or run away squealing and yelping?

Source(s):
http://en.wikipedia.org/wiki/Group_Policy
http://support.microsoft.com/kb/302577
