Results 1 to 11 of 11
  1. #1
    Super Moderator satrow's Avatar
    Join Date
    Dec 2009
    Location
    Cardiff, UK
    Posts
    2,138
    Thanks
    102
    Thanked 208 Times in 181 Posts

    Exclamation Flash exploit targeting Internet Explorer versions 8 through 11

    FireEye Research Labs identified a new Internet Explorer (IE) zero-day exploit used in targeted attacks. The vulnerability affects IE6 through IE11, but the attack is targeting IE9 through IE11. This zero-day bypasses both ASLR and DEP. Microsoft has assigned CVE-2014-1776 to the vulnerability and released security advisory to track this issue.

    The exploit leverages a previously unknown use-after-free vulnerability, and uses a well-known Flash exploitation technique to achieve arbitrary memory access and bypass Windows’ ASLR and DEP protections.

    Mitigation

    Using EMET may break the exploit in your environment and prevent it from successfully controlling your computer. EMET versions 4.1 and 5.0 break (and/or detect) the exploit in our tests.
    Enhanced Protected Mode in IE breaks the exploit in our tests.
    EPM was introduced in IE10.
    Additionally, the attack will not work without Adobe Flash. Disabling the Flash plugin within IE will prevent the exploit from functioning.
    http://www.fireeye.com/blog/uncatego...d-attacks.html

    https://technet.microsoft.com/en-US/...curity/2963983

  2. Get our unique weekly Newsletter with tips and techniques, how to's and critical updates on Windows 7, Windows 8, Windows XP, Firefox, Internet Explorer, Google, etc. Join our 480,000 subscribers!

    Excel 2013: The Missing Manual

    + Get this BONUS — free!

    Get the most of Excel! Learn about new features, basics of creating a new spreadsheet and using the infamous Ribbon in the first chapter of Excel 2013: The Missing Manual - Subscribe and download Chapter 1 for free!

  3. The Following 3 Users Say Thank You to satrow For This Useful Post:

    bobby-p (2014-04-28),Dick-Y (2014-04-27),Sudo15 (2014-04-27)

  4. #2
    New Lounger
    Join Date
    Mar 2010
    Location
    South Melbourne, Victoria, Australia
    Posts
    17
    Thanks
    0
    Thanked 0 Times in 0 Posts
    satrow,

    So many videos, especially uTube, depend on the Flash Player. Constantly enabling & disabling the Flash Plugin, is a pain! Disabling the flash player plugin isn't a good solution.

    A better solution IMHO is stop using IE, it's a dog !
    There are much better browser options or choices. IE: Chrome, Comodo Dragon or Firefox to name a few. Just a thought!
    They also use a Flash Plugin, their own version, so not sure if they also suffer from the exploit.
    Does anyone know ?

  5. #3
    Super Moderator
    Join Date
    Jun 2011
    Location
    New England
    Posts
    2,750
    Thanks
    80
    Thanked 339 Times in 306 Posts
    Quote Originally Posted by huntsman View Post
    There are much better browser options or choices. IE: Chrome, Comodo Dragon or Firefox to name a few. Just a thought!
    Yes, IE is generally the best browser.

    But it's certainly now a bad choice on XP.


    Quote Originally Posted by huntsman View Post
    They also use a Flash Plugin, their own version, so not sure if they also suffer from the exploit.
    Does anyone know ?
    No; this current flaw is in IE, not Flash (although Flash is used by the current IE attacks).

    The Microsoft Security Advisory linked above doesn't mention Flash at all, because there could be other means of exploiting the IE flaw (in vgx.dll).

    I think only IE and Chrome have their own Flash updates.


    Bruce

  6. #4
    New Lounger
    Join Date
    Mar 2010
    Location
    South Melbourne, Victoria, Australia
    Posts
    17
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Quote Originally Posted by BruceR View Post
    Yes, IE is generally the best browser.

    But it's certainly now a bad choice on XP.



    No; this current flaw is in IE, not Flash (although Flash is used by the current IE attacks).

    The Microsoft Security Advisory linked above doesn't mention Flash at all, because there could be other means of exploiting the IE flaw (in vgx.dll).

    I think only IE and Chrome have their own Flash updates.


    Bruce
    Sorry Bruce..my bad. When I said IE: (meaning, for instance) Chrome etc, maybe I should have said.. EG: Chrome etc.

    Internet Explorer is not my 1st choice, if ever. I only use it, when M$ updates force me to use it.
    Microsoft seems to think everyone who uses IE are tech types & know what all the IE options mean. Most of those I look after, don't have a clue what all the settings in IE mean or do ! Some of M$ explanations leave me puzzled & scratching my head & I've been working with the technology for 45 years..!

    If you implement this M$ work around, to the letter, and don't remember to back them out when a fix is released.... future updates will probably fail!. Great !! More hand holding for many users.

    Still, I guess, something, is better than nothing, especially for XP, which is stuck with IEV8 & it is only going to get worse! The die-hard users will hang on, experiencing more & more problems from virus or malware attacks as time passes! If they suffer enough, & they will, maybe they'll get the message ?

  7. #5
    Silver Lounger
    Join Date
    Aug 2012
    Location
    UK
    Posts
    1,822
    Thanks
    30
    Thanked 248 Times in 242 Posts
    As you can enable Enhanced Protected Mode (>=IE 10), this seems to be an easy workaround, although as you will be running IE in 64 bit mode then you would also need to install the 64 bit version of Java should you use any sites that require it.

    Flashplayer has also had its own problems not connected with the IE exploit and recently released a security update http://nakedsecurity.sophos.com/2014...tch-for-flash/

    www.adobe.com
    Last edited by Sudo15; 2014-05-01 at 04:04.

  8. #6
    2 Star Lounger
    Join Date
    Nov 2010
    Posts
    137
    Thanks
    0
    Thanked 8 Times in 8 Posts
    Per the all IE versions zero day vulnerability. Below's some info from Symantec.

    http://www.symantec.com/connect/blog...let-loose-wild

    I did disable vgx.dll; not the first time this dll was exploited in some fashion or form, but it will be the first time that no solution for XP users will be patched.
    Last edited by BruceR; 2014-05-01 at 10:06. Reason: Changed "all browsers" to "all IE versions"

  9. #7
    Silver Lounger
    Join Date
    Aug 2012
    Location
    UK
    Posts
    1,822
    Thanks
    30
    Thanked 248 Times in 242 Posts
    Quote Originally Posted by lylejk View Post
    Per the all browsers zero day vulnerability. Below's some info from Symantec.

    http://www.symantec.com/connect/blog...let-loose-wild

    I did disable vgx.dll; not the first time this dll was exploited in some fashion or form, but it will be the first time that no solution for XP users will be patched.
    I daresay there will be those who are already working on an exploit for XP itself.

  10. #8
    Super Moderator satrow's Avatar
    Join Date
    Dec 2009
    Location
    Cardiff, UK
    Posts
    2,138
    Thanks
    102
    Thanked 208 Times in 181 Posts
    MS have decided to patch XP against this, as well as supported OS's, see here: http://windowssecrets.com/forums/sho...visory-2963983

  11. #9
    2 Star Lounger
    Join Date
    Feb 2010
    Location
    Coon Rapids, Mn
    Posts
    127
    Thanks
    12
    Thanked 1 Time in 1 Post
    Quote Originally Posted by huntsman View Post
    Sorry Bruce..my bad. When I said IE: (meaning, for instance) Chrome etc, maybe I should have said.. EG: Chrome etc.

    Internet Explorer is not my 1st choice, if ever. I only use it, when M$ updates force me to use it.
    Microsoft seems to think everyone who uses IE are tech types & know what all the IE options mean. Most of those I look after, don't have a clue what all the settings in IE mean or do ! Some of M$ explanations leave me puzzled & scratching my head & I've been working with the technology for 45 years..!

    If you implement this M$ work around, to the letter, and don't remember to back them out when a fix is released.... future updates will probably fail!. Great !! More hand holding for many users.

    Still, I guess, something, is better than nothing, especially for XP, which is stuck with IEV8 & it is only going to get worse! The die-hard users will hang on, experiencing more & more problems from virus or malware attacks as time passes! If they suffer enough, & they will, maybe they'll get the message ?
    You don't need to use IE to run Windows update. You can switch a Firefox tab to an IE tab and run Windows Update in that tab, it is so good it even fools Microsoft. :^)

  12. #10
    Super Moderator
    Join Date
    Jun 2011
    Location
    New England
    Posts
    2,750
    Thanks
    80
    Thanked 339 Times in 306 Posts

  13. #11
    New Lounger
    Join Date
    Jan 2009
    Location
    Whidbey Island, Washington, USA
    Posts
    23
    Thanks
    1
    Thanked 0 Times in 0 Posts

    An e-blast from Steve Gibson's research center

    I got my first ever e-mail from Gibson Research (Steve Gibson) about this. I shall quote:

    Web browsers are growing insanely complex. It's pretty clear that they will be our next-generation operating platforms. And as the last annual "Pwn2Own" contest showed, none of them can currently withstand the focused attention of skilled and determined attackers, especially when some prize money is dangled on the other side of the finish line.

    With most recent exploits, the path to exploitation is convoluted and complex. In this case it depends upon somehow encountering malicious Web content with IE's ActiveScripting enabled, which loads an Adobe SWF (Shockwave FLASH) file which, in turn, uses JavaScript in this vulnerable version of IE (presently all versions of IE). But it does this via an obscure and readily disabled VML (Vector Markup Language) rendering extension.

    Thus, to immediately protect any use of Internet Explorer – yes, even on creaky old WinXP (the XPocalypse has been delayed) – simply execute the following incantation using either a Windows Command Prompt or the "Run..." dialog under the Start button (if you're lucky
    enough to still have one on your Windows desktop):


    regsvr32 -u "%CommonProgramFiles%\Microsoft Shared\VGX\vgx.dll"

    This unregisters (-u) the VML renderer, thus rendering it inaccessible to the exploit attempt. Your IE browser will no longer be able to render vector markup language content... but it probably never did before, anyway.
    /Steve.


    For 64-bit Windows:
    regsvr32 -u "%CommonProgramFiles(x86)%\Microsoft Shared\VGX\vgx.dll"

    Make sure you include the end double-quote when doing the command. I haven't seen any problems using IE (v. 11) since doing this on all 5 PCs I own.
    Last edited by cutedeedle; 2014-05-06 at 12:16. Reason: update command for 64 bit Windows
    There are 10 kinds of people in the world:
    Those who understand binary
    and those who don't.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •