Site Archives Internet Explorer

Internet Explorer Remote Code Execution Exploit Released

Posted on January 19th, 2010

GSA Reference Number: AD100119-01

Simply Put: A new Internet Explorer remote code execution exploit has been released.  There is evidence that this exploit is being used in limited, targeted attacks on the Internet.  For now, no widespread worms or exploit packs are using this vulnerability.  Microsoft has not released a patch, but is researching the issue and hopefully will release one soon.  Reports have been published linking this exploit to the Google hacking incident.  According to this Microsoft article, an out-of-band patch will be released for this vulnerability.

Microsoft Internet Explorer 6 and 7 Remote Code Execution Vulnerability

Posted on November 24th, 2009

GSA Reference Number: AD091124-01

Simply Put: Microsoft Internet Explorer (IE) 6 and 7 are affected by a remote code execution vulnerability.  This vulnerability was released to the public earlier this week.  Currently, this exploit is not deemed reliable, meaning that the vulnerability is difficult to exploit consistently.  However, there will most likely be a reliable version released in the near future.  This exploit could also be triggered by an HTML email message viewed in Microsoft Outlook, Outlook Express, or Microsoft Mail, as these products use IE to display these messages.

IE7 Vulnerability Being Exploited

Posted on February 19th, 2009

GSA Reference Number: AD090218-01

Simply Put: An Internet Explorer 7 vulnerability patched in the latest installment of Microsoft updates is now being exploited by malware authors.  The patch, designated MS09-002, fixed a memory corruption vulnerability, which can cause remote code execution.

Out-of-Band Patch Coming for IE Vulnerability

Posted on December 16th, 2008

GSA Reference Number: AD081216-01

Simply Put: Microsoft will be releasing an out-of-band patch today, December 17, to address the critical Internet Explorer vulnerability currently being exploited by malicious websites.  The patch affects Internet Explorer 6 and 7 and is rated critical by Microsoft.  Since this exploit allows remote code execution, Gladiator recommends applying the patch as soon as possible.

More IE Flaw Details

Posted on December 16th, 2008

There has been more information released about the Internet Explorer (IE) 0-day vulnerability.  Microsoft has stated now that the vulnerability affects more versions of IE than previously thought.  Vulnerable versions include IE 7, IE 8 (beta), IE 6 (non-SP2) and IE 5.  Gladiator recommends that users switch to a different browser for the time being.  Using Internet Explorer for banking applications that are not compatible with other browsers is fine, but do not use IE to browse the Internet.

IE 0-day Exploit

Posted on December 11th, 2008

Internet Explorer 7 has a new 0-day exploit, meaning that it is currently being exploited through malicious websites and there is no patch available.  If a user visits a malicious site, there is a possibility that an attacker could run arbitrary code on the system.  The exploit appears to use a vulnerability in Internet Explorer’s handling of XML code.  This issue has been confirmed for users running IE 7 on Windows XP or Windows 2003.  Further details are not available at this time.  Gladiator recommends that users run the Firefox browser, if possible, for general web browsing until a patch is released.

December Patch Tuesday

Posted on December 10th, 2008

Microsoft has released 8 new patches resolving 6 critical and 2 important vulnerabilities found in its various products.  The vulnerability for the Visual Basic 6.0 ActiveX Control has publicly available exploit code, so it should be patched as soon as possible. The products with critical severity vulnerabilities include:

  • GDI
  • Windows Search
  • Internet Explorer
  • Visual Basic 6.0 Runtime Extended Files (ActiveX Controls)
  • Microsoft Office Word
  • Microsoft Office Excel