Secplicity - Security Simplified

Powered by WatchGuard Technologies

Two IE Bulletins Double the Browser Updates

February 12, 2013 By Corey Nachreiner

Severity: High

Summary:

  • These vulnerabilities affect: Internet Explorer (IE) 10 and earlier
  • How an attacker exploits them: Typically, by enticing one of your users to visit a web page with malicious content
  • Impact: Various; in the worst case, an attacker can execute code on your user’s computer, often gaining complete control of it
  • What to do: Install Microsoft’s Internet Explorer updates immediately, or let Windows Automatic Update do it for you

Exposure:

In a relatively unusual move, Microsoft released two Internet Explorer (IE) security bulletins today, rather than their typical single cumulative update. Combined, the two bulletins fix 14 vulnerabilities in the popular web browser, many of which allow attackers to execute code on vulnerable Windows systems.

We summarize the two bulletins below:

  • MS13-009: February IE Cumulative Update

This update fixes 13 vulnerabilities in IE, most of them “use after free” vulnerabilities similar to the ones Microsoft fixed with last month’s out-of-cycle IE bulletin. By luring one of your users to a web site containing malicious code, a remote attacker can exploit most of these vulnerabilities to execute code on your computer, with your privileges. As always, if you have local administrator privileges, the attacker could exploit this issue to gain complete control of your computer.

Microsoft rating: Critical

  • MS13-010: VML Memory Corruption Vulnerability

Vector Markup Language (VML) is a graphics standard for creating 2D vector illustrations with XML files. The VML component in IE suffers from a memory corruption vulnerability having to do with how it allocates buffers. By enticing your users to a web site with specially crafted content, a remote attacker could exploit this flaw to execute code on that user’s computer, with the user’s privileges. Since most Windows users have local administrative privileges, this sort of attack often gives the attacker complete control of their computers.

Microsoft rating: Critical

Malicious hackers often leverage these types of vulnerabilities in drive-by download attacks, and they also target legitimate web sites and booby-trap them with malicious code. In other words, you can sometimes encounter these sorts of “drive-by download” attacks even while visiting trusted, legitimate web sites. We recommend you update your IE users immediately.

Solution Path:

These updates fix serious issues. You should download, test, and deploy the appropriate IE patches immediately, or let Windows Automatic Update do it for you.

The links below point directly to the “Affected and Non-Affected Software” section of each bulletin, where you can find links to the various updates:

  • MS13-009
  • MS13-010

For All WatchGuard Users:

These attacks travel as normal-looking HTTP traffic, which you must allow if your network users need to access the World Wide Web. Therefore, the patches above are your best solution.

That said, WatchGuard’s Gateway Antivirus and Intrusion Prevention Service can often prevent these sorts of attacks, or the malware they try to distribute. For instance, our IPS team has created signatures for the following:

  • Various “use after free” vulnerabilities – CVE-2013-0018, CVE-2013-0019, CVE-2013-0020, CVE-2013-0021, CVE-2013-0022, CVE-2013-0023, CVE-2013-0024, CVE-2013-0025, CVE-2013-0026, CVE-2013-0027, CVE-2013-0028, CVE-2013-0029
  • JIS character encoding vulnerability – CVE-2013-0015
  • VML memory corruption vulnerability – CVE-2013-0030

These signatures will be available in our next IPS update, which should come out shortly. We highly recommend you enable our security services on your WatchGuard XTM and XCS appliances, and keep IPS and AV up to date.

Status:

Microsoft has released patches to fix these vulnerabilities.

References:

  • MS Security Bulletin MS13-009
  • MS Security Bulletin MS13-010

This alert was researched and written by Corey Nachreiner, CISSP (@SecAdept).
