Monday, November 11, 2013

Zero day flaw in Internet explorer exposes Windows 7 and Windows XP

There it goes again, a new day , a new exploit attacking Internet explorer users in Windows XP and Windows 7. It's notable that they are the most popular OS in the world with a share of nearly 75% combined.

According to the researchers at the security company FireEye. They have found two different exploits which attacks Internet explorer under Windows XP and Windows 7.
First of all, Internet Explorer has an information disclosure vulnerability used to “retrieve the timestamp from the PE headers of msvcrt.dll,” according to the company.“The timestamp is sent back to the attacker’s server to choose the exploit with an ROP chain specific to that version of msvcrt.dll. This vulnerability affects Windows XP with IE 8 and Windows 7 with IE 9,” it noted.

The second one is a memory access vulnerability that’s aimed at the English versions of IE7 and 8 on Windows XP and on Windows 7.“This exploit has a large multi-stage shellcode payload. Upon successful exploitation, it will launch rundll32.exe (with CreateProcess), and inject and execute its second stage (with OpenProcess, VirtualAlloc, WriteProcessMemory, and CreateRemoteThread). The second stage isn’t written to a file as with most common shellcode, which usually downloads an executable and runs it from disk,” FireEye also mentioned in a security advisory.

Microsoft will most likely won't release a patch for this exploit as it would take some time to create a patch for this exploit and IE 10 and IE 11 under Windows 7 or Windows 8/8.1 remain unaffected with this exploit which shows that Microsoft has improved the security in it's latest versions of the browser.

No comments:

Post a Comment