IE7 Exploit Also Affects IE5, IE6 and IE8! More Users In Trouble

I’m sure you’ve heard about the Microsoft IE7 exploit that allows remote code execution on XP & Vista. It turns out it’s actually much worse than first expected.

The exploit also affects IE5.01, IE6 and IE8 on all OS versions! That’s a pretty worrying turn of events for MS especially as they are seemingly leaving it unpatched.

You can find a clarification of the various workarounds for the IE flaw on TechNet here.

Researchers are warning that the unpatched security vulnerability in Microsoft’s Internet Explorer affects more versions of the browser than previously thought, and that steps users must take to prevent exploitation are harder than first published.

According to an updated advisory from Redmond, the bug that’s been actively exploited since Tuesday bites versions 5.01, 6, and 8 of the browser, which is by far the most widely used on the web. A previous warning from Microsoft only said that IE 7 was susceptible to the attacks. IE is susceptible when running on all supported versions of the Windows operating systems, Microsoft also says.

What’s more, while there is some protection from Vista’s User Account Control, the measure doesn’t altogether prevent the attack, according to this post on the Spyware Sucks blog. Microsoft and others have suggested that those who must use IE in the next few weeks set the security level to high for the internet security zone or disable active scripting. These are sensible measures, but they don’t guarantee you won’t be pwned, according to this post from the Secunia blog.

Once again, Firefox users for the win. This is a flaw in the whole family of Internet Explorer and must affect a shocking number of users. I guess setting your Security Zone to high and disabling Active Scripting helps, but then it also disables a lot of features on a lot of sites.

So you are losing out on the user experience of the web just to be more secure, mostly because Microsoft doesn’t want to release an ad-hoc patch.

Well Google Chrome final version is out now too, so there’s another option for people.

Secunia goes on to revise what it says is the cause of the vulnerability. Contrary to earlier reports that pinned the blame on the way IE handles certain types of data that use the extensible markup language, or XML, format, the true cause is faulty data binding, meaning exploit code need not use XML.

Microsoft has yet to say whether it plans to issue a fix ahead of next month’s scheduled release. For the moment, the volume of in-the-wild attacks remains relatively modest and limited mostly to sites based in China. But because attackers are injecting exploits into legitimate sites that have been compromised, we continue to recommend that users steer clear of IE until the hole has been closed.

Plenty of other researchers have weighed in with additional details about the flaw. Links from SANS, Sophos and Hackademix.

I think an imminent danger is if people start using iframe vulnerabilities and XSS to inject this exploit into some more prominent sites – that could cause a huge spread of infections!

Anyway just let people using IE know that this is another reason they shouldn’t be using it! Show them how to download and install Firefox and please teach them to use Tabs!

Source: The Register

Posted in: Exploits/Vulnerabilities, Windows Hacking


12 Responses to IE7 Exploit Also Affects IE5, IE6 and IE8! More Users In Trouble

  1. Morgan Storey December 15, 2008 at 9:48 am #

    ie5 up, jeepers. I don’t browse with anything but firefox really, except for some admin websites that seem to require IE. But most of the general populace uses IE, so I can see this being a major, major vulnerability. What’s better is the bad guys have a month when they may be off their day job, and everyone else will more than likely be in holiday mode to really get their armies up, this is gonna be big.

  2. Grokh December 15, 2008 at 3:04 pm #

    BTW, tabs were first introduced in Opera.
    Gestures, page zooming, per site settings, undo for closed tabs, content block, cookie management, intelligent pop-up blocking (pop on click), integrated torrent client, new tab quick links and many more were first introduced in Opera. And still work the best on Opera unlike the many crappy “extensions” for Firefox that break on every occasion they have. And do not change with every version. And Opera is faster.. fastest – its UI is not driven by XML & JS!

    IE may be infecting your PCs but FF is infecting your brains…

  3. DasKirch December 15, 2008 at 4:10 pm #

    I say that we use this exploit to install Firefox & delete IE from computers… Who says viruses can’t help people…

  4. Morgan Storey December 15, 2008 at 10:09 pm #

    @Grokh: A lot of what you said was nicely coloured with your own beliefs. Extensions are really what give firefox its power, and there are so many that the power is great. I have extensions to pull my gpg key into gmail and other sites, extensions to generate random passwords and manage them, and the all-important no-script to block bad scripts from untrusted sites. Clickjacking can exploit all browsers (opera is no exception) except if you have ff with no-script.
    I have FF3, IE7, Opera 9.62, Chrome and Safari on my pc. Mostly for testing sites, and I always come back to FF. Especially now with its better use of RAM, even with 50+ tabs open I only hit about 300mb of ram used.
    I will freely admit FF is not the fastest, but it is the most customisable and usable, and realistically the most secure, the amount of Bugs that come out for opera ie and safari are terrible, at least the ones for FF tend to be negated by stuff like no-script and adblock plus.

  5. Darknet December 16, 2008 at 12:13 am #

    Grokh: Looks like your brain is even more rotten by Opera…it’s made you delusional. The first browser to offer tabbed browsing was InternetWorks in 1994. After that it was Simulbrowse, now called NetCaptor in 1998. Then the Amiga browser IBrowse introduced tabbed browsing in 1999 and finally Opera V4 introduced tabbed browsing in 2000. Same can be said for many of the other features you’ve mentioned, apart from gestures – but who the hell uses those.

  6. Morgan Storey December 16, 2008 at 12:58 am #

    @Darknet: I knew there were others before opera but I was too busy to bother google’ing. As for mouse gestures they are the first thing I turn off, the amount of times I accidentally did something in opera due to a simple accidental mouse movement is crazy, and then when you want to do something if the movements aren’t right it doesn’t work. I am not playing black and white, I don’t want to perform crazy mouse movements to do what can be done in a few taps of the keyboard, seeing as I rarely go to the mouse for much navigation.

  7. Grokh December 16, 2008 at 5:39 pm #

    Well yeah, but are any of those browsers in use today? Besides both Netcaptor and Simulbrowse are actually IE in disguise! I would consider them shells rather than browsers, huh. I could rephrase myself like “Opera being the first major, still in use browser to offer… “. But the main point is of course that they WORK BETTER now than in any other browser. That’s quite an empirical statement and I don’t want to state it in general for everyone; so Opera is simply better for me. That’s all.
    I agree that FF’s strength (and weakness at the same time) are the extensions. There’re things you can do with FF only. For those things it’s worth the extra effort to install extensions, update, change with a new working ones.. There’s no holy grail of web browsers. But for casual browsing Opera offers all that one needs and works best. At least for me.
    As for gestures, I find dragging a link down to open it in a new window quite convenient. But that’s me.

  8. David December 17, 2008 at 5:20 am #

    Minor correction: if this goes back to IE 5, then you’d have to say that IE for Macintosh is unaffected (as IE 5 was the last version on the Mac).

    I should add that the web was no friendlier to IE 5 for Mac than it was to Opera or Firefox (sigh). So much for compatibility.

    Now I’ve reformed: Camino on Mac, Flock on Windows, and Firefox on Linux.

  9. navin December 17, 2008 at 12:44 pm #

    As for me it’s Firefox on both Linux and Windows and Safari on the mac….I was pretty secure using safari until the recent statements made by Mac CEO’s warning of attacks on Macs

  10. Morgan Storey December 17, 2008 at 11:48 pm #

    @navin: don’t use safari, it is woeful, outdated and probably more vulnerable than IE7…

  11. JoshuaI June 3, 2009 at 8:32 pm #

    @Morgan: IE8 lets website owners use Clickjack prevention on their sites.

    @Darknet: You said “apart from gestures – but who the hell uses those”, well the same can be said about “undo for closed tabs, content block, cookie management, intelligent pop-up blocking (pop on click), integrated torrent client, new tab quick links”. Who uses those? Nobody uses Mouse Gestures, so why does the FireGestures addon for Firefox have over 3.5 million downloads and All In One Gestures have 3.5 million downloads?

    I haven’t seen many people whose brains have been affected by Opera, but you don’t have to be very observant to notice what Firefox does to people’s brains! It’s a browser, but for too many, it is a religion!

    And…what are tabs? Please tell me how to use them. Can I download tabs for IE7/IE8? I have tabs in my folder (in real life).

  12. Morgan Storey June 3, 2009 at 11:21 pm #

    @JoshuaI: And there you said it yourself, “IE8 lets website owners use Clickjack prevention on their sites.” Think about that statement for a second. Basically it means the webmaster has to put in an additional tag to prevent clickjacking, yay. But clickjacking is an issue for users, not as much for webmasters. I visit probably a hundred sites a day and I don’t trust that all the webmasters have secured their site against possible XSS clickjacking or heck even defacement in the form of a javascript payload.
    On your other comments, every person I know who uses firefox uses undo-close tab, the pop-up blocking is transparent. I do see where you are coming from on the browser/os as a religion. I don’t drink the Kool-Aid I just use what is best for the job, once something better than FF comes around I will use it. If chrome had the plugins I use in FF I would switch to it. IE is horribly slow so unless it speeds up and gets the same plugins, no dice.