Severity: High
Summary:
- These vulnerabilities affect: Internet Explorer 9 (IE 9)
- How an attacker exploits them: By enticing one of your users to visit a malicious web page
- Impact: An attacker can execute code on your user’s computer, often gaining complete control of it
- What to do: Install Microsoft’s Internet Explorer 9 update immediately, or let Windows Automatic Update do it for you
Exposure:
During Patch Day, Microsoft released a security bulletin to fix two vulnerabilities in Internet Explorer 9 (IE9). The flaws only affect IE 9, and not previous versions of Microsoft’s popular browser.
Though the two flaws differ technically, they both stem from IE inappropriately accessing a previously deleted object. These sorts of invalid access vulnerabilities often result in memory corruptions, which attackers can expertly leverage to force code to execute on your computer, with your privileges.
So in short, if an attacker can lure you to a web site with specially crafted code, he can exploit this flaw to execute code on your computer. If you have local administrator privileges, the attacker gains complete control of your PC.
As an aside, hackers commonly target legitimate web sites and booby-trap them with malicious code, by exploiting various web application vulnerabilities. In other words, you can sometimes encounter these sorts of “drive-by download” attacks even while visiting trusted, legitimate web sites.
If you’d like to know more about the technical differences between these flaws, see the “Vulnerability Information” section of Microsoft’s bulletin.
Solution Path:
These updates fix serious issues. You should download, test, and deploy the appropriate IE 9 patches immediately, or let Windows Automatic Update do it for you. You can find links to the various IE updates in the “Affected and Non-Affected Software” section of Microsoft’s IE security bulletin. If you use IE 8 or below, you do not have to update.
For All WatchGuard Users:
These attacks travel as normal-looking HTTP traffic, which you must allow if your network users need to access the World Wide Web. Therefore, the patches above are your best solution.
That said, WatchGuard’s Gateway Antivirus and Intrusion Prevention Service can often prevent these sorts of attacks, or the malware they try to distribute. We highly recommend you enable our security services on your WatchGuard XTM and XCS appliances.
Status:
Microsoft has released patches to fix these vulnerabilities.
References:
This alert was researched and written by Corey Nachreiner, CISSP.