Monday, December 31, 2012

Microsoft Internet Explorer older versions - Security Advisory 2794220

Security Best Practices, Breaking News, & Updates

Microsoft Internet Explorer older versions - Security Advisory 2794220

This new warning encourages users to avoid key targeted attacks in progress affecting older versions of their browser.? Key Microsoft resources for Microsoft Advisory 2794220 are noted below:
?
http://technet.microsoft.com/en-us/security/advisory/2794220
?
http://blogs.technet.com/b/msrc/archive/2012/12/29/microsoft-releases-security-advisory-2794220.aspx
?
http://blogs.technet.com/b/srd/archive/2012/12/29/new-vulnerability-affecting-internet-explorer-8-users.aspx

QUOTE: In this particular vulnerability, IE attempts to reference and use an object that had previously been freed. The components of an exploit for such a vulnerability are typically the following:

*? Javascript to trigger the Internet Explorer vulnerability
*? Heap spray or similar memory preparation to ensure the memory being accessed after it has been freed is useful
*? A way around the ASLR platform-level mitigation
*? A way around the DEP platform-level mitigation
?
We?ve analyzed four exploits, all the targeted attacks we have seen. They are all very similar:

*? Obfuscated Javascript to trigger the vulnerability
*? Flash ActionScript-based heap spray
*? ASLR bypass using either Java6 MSVCR71.DLL or Office 2007/2010 hxds.dll
*? DEP bypass via chain of ROP gadgets (different ones depending on ASLR bypass)

Source: http://msmvps.com/blogs/harrywaldron/archive/2012/12/30/microsoft-internet-explorer-older-versions-security-advisory-2794220.aspx

geraldo rivera supreme court health care joe oliver joba chamberlain new york mega millions jetblue jetblue

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.