Symantec Security Response has confirmed that a new proof-of-concept exploit affects both IE 6 and 7 on Windows XP and Vista platforms
A new proof-of-concept exploit was posted on BugTraq over the weekend that targets a zero-day vulnerability in Internet Explorer. Symantec Security Response has confirmed that the exploit affects both IE 6 and 7 on Windows XP and Vista platforms, but there are possibilities that other versions of IE and Windows may also be affected. The exploit in its current form exhibits inconsistent behaviour in tests conducted by the Response team, however a fully-functional exploit can be expected to follow.
For the attacker to launch a successful attack, they need to lure the victim to a malicious Web page or website they have compromised. The exploit also requires JavaScript to exploit Internet Explorer. The exploit targets a vulnerability in the way IE uses the Cascading Style Sheets (CSS) information. CSS is used in many Web pages to define the presentation of the site’s content.
Symantec detects the exploit with the Bloodhound.Exploit.129 signature, HTTP Microsoft IE Generic Heap Spray BO and HTTP Malicious JavaScript Heap Spray BO IPS signatures. It is anticipated that this exploit will be developed further, therefore new signatures specifically for this exploit are also being created.
Mitigation for consumer users:
To minimise the chances of being affected by this issue, Internet Explorer users should ensure their antivirus definitions are up to date, disable JavaScript and only visit websites they trust until fixes are available from Microsoft. Mitigation for enterprise users:
Run all software as a non-privileged user with minimal access rights
Deploy network intrusion detection systems to monitor network traffic for malicious activity
Do not follow links provided by unknown or untrusted sources
Set web browser security to disable the execution of script code or active content
Implement multiple redundant layers of security
Please let me know if you would like to speak with a Symantec security expert about this threat and what computer users can do to prevent falling victim to this attack.
Press Contacts:
Jasmin Athwal
Max Australia
+61 2 9954 3492
Jasmin.Athwal@maxaustralia.com.au
Debbie Sassine
Symantec
+61 2 8220 7158
Debbie_Sassine@symantec.com
computerword
No comments:
Post a Comment