Microsoft Releases Out-Of-Band Patch For IE 0-Day Vulnerability


Ah Microsoft is treating this one seriously after France and Germany advised users to avoid IE.

The current strain being exploited only targets IE6 users, but one security company has developed an exploit for IE8 which also bypasses DEP (Data Execution Prevention).

It was rumoured this was the exploit used last week to compromise Google and various other high profile networks. Although I am skeptical as to why anyone was using IE inside Google? Perhaps doing cross browser testing for development, who knows.

Microsoft will release an out-of-band patch Jan. 21 to fix the Internet Explorer vulnerability at the center of recent attacks on Google and other enterprises.

According to Microsoft, the patch is slated to be ready around 1 p.m. EST. If all goes according to plan, the patch will close a hole that has prompted France and Germany to advise users to avoid IE and the U.S. State Department to demand answers from China. Attackers have used the vulnerability to hit IE 6. Microsoft so far has said it has only seen limited, targeted attacks using the vulnerability.

Meanwhile, security researchers have continued to uncover information about the origin of the attack. Joe Stewart, director of malware research for SecureWorks’ Counter Threat Unit, said his analysis of the code for the main Trojan involved in the attacks shows a more direct link to China.

It’s very rare for them to push an out-of-band patch for anything but I guess there are still a LOT of IE users out there and this is a serious flaw.

It does seem to originate from China with the only discussions about the technical parts of the flaw and implementation being discussed on Chinese language sites.

As can be seen by a Google search here (“crc_ta[16]”), after the first few English news sites reporting the flaw the rest of the results are in Chinese.

According to Stewart, the code includes a CRC (cyclic redundancy check) algorithm implementation released as part of a Chinese-language paper on optimizing CRC algorithms for use in microcontrollers.

“This CRC -16 implementation seems to be virtually unknown outside of China, as shown by a Google search for one of the key variables, ‘crc_ta[16],'” Stewart noted in a SecureWorks blog post Jan. 20. “At the time of this writing, almost every page with meaningful content concerning the algorithm is Chinese.”

Up until this finding, Stewart told eWEEK, the factors leading people to point to China were patterns similar to previous Chinese malware.

“Unfortunately, when investigating malware, nothing is conclusive because digital evidence can be forged,” he said. “However, I believe the use of the Chinese algorithm certainly gives more credence to the attack code being Chinese in origin.”

They really have no choice but to release this patch when faced with government pressure, you should see it hitting your Windows Update sometime today (Jan 21st).

Let’s hope this patch has been tested properly and doesn’t subject users to another black screen of death.

It’s good to see some proactive initiatives by Microsoft, I hope they continue through 2010.

Source: eWeek

Posted in: Hacking News

, , , , , , , , , , , , ,


Latest Posts:


Axiom - Pen-Testing Server For Collecting Bug Bounties Axiom – Pen-Testing Server For Collecting Bug Bounties
Project Axiom is a set of utilities for managing a small dynamic infrastructure setup for bug bounty, basically a pen-testing server out of the box with 1-line.
Quasar RAT - Windows Remote Administration Tool Quasar RAT – Windows Remote Administration Tool
Quasar is a fast and light-weight Windows remote administration tool coded in C#. Used for user support through day-to-day administrative work to monitoring.
Pingcastle - Active Directory Security Assessment Tool Pingcastle – Active Directory Security Assessment Tool
PingCastle is a Active Directory Security Assessment Tool designed to quickly assess the Active Directory security level based on a risk and maturity framework.
Second Order - Subdomain Takeover Scanner Tool Second Order – Subdomain Takeover Scanner Tool
Second Order Subdomain Takeover Scanner Tool scans web apps for second-order subdomain takeover by crawling the application and collecting URLs (and other data)
Binwalk - Firmware Security Analysis & Extraction Tool Binwalk – Firmware Security Analysis & Extraction Tool
Binwalk is a fast and easy to use Python-based firmware security analysis tool that allows for firmware analysis, reverse engineering & extracting of firmware.
zBang - Privileged Account Threat Detection Tool zBang – Privileged Account Threat Detection Tool
zBang is a risk assessment tool for Privileged Account Threat Detection on a scanned network, organizations & red teams can use it to identify attack vectors


One Response to Microsoft Releases Out-Of-Band Patch For IE 0-Day Vulnerability

  1. Chas February 4, 2010 at 1:57 am #

    Darknet, the