
Germany Warns Against Internet Explorer; Should CIOs Take Heed?

NetApp

The German government has advised its citizens not to use Microsoft's (NASDAQ:MSFT) Internet Explorer browser—at least until the latest unpatched vulnerability is fixed. Apparently, all it takes is for an innocent user to stumble on an infected Web page and their PC is immediately infected.

There are published exploits for all current versions of Windows and Internet Explorer, so be careful out there.

On the one hand, Microsoft's advice is to implement a set of workarounds to fight the flaw.

On The Other Hand, why not just switch to a different browser—or are you scared you might like it too much and not want to go back?


Reuters writers Harro Ten Wolde and Jim Finkle write:

The German government...issued the warning as a researcher said he found evidence that [hackers] were seeking to attack defense contractors. ... The German government's Federal Office for Information Security, or BSI, said...[hackers can] lure Web surfers to a website where hackers had planted malicious software that exploited the bug.
...
BSI advised all users of Internet Explorer to use an alternative browser until the manufacturer has released a security update.

Dave Neal channels Microsoft PR:

[It] caused Microsoft to remind everyone...to keep their security software up to date. "There have been an extremely limited number of attacks," said Microsoft Trustworthy Computing director YunSun Wee. ... "We are working on an easy-to-use, one-click fix...but in the meantime we recommend customers make sure their antivirus software is up-to-date."
...
In Germany the BSI has gone further and recommended that Germans put Internet Explorer in the recycling bin.

And Dan Goodin explains more about the flaw:

The attacks are being waged by the same malware group that recently exploited a...zero-day vulnerability in [Java]. The attacks install [a] Trojan when unsuspecting people browse a booby-trapped website.
...
Windows users should avoid using IE until more is known about the vulnerability. ...the attacks are exploiting a use-after-free vulnerability in IE. ... The in-the-wild attacks appear to be targeting only Windows XP systems. But with release of [an exploit] that works on a much wider array of platforms, it wouldn't be surprising to see attacks target [Windows Vista and 7] as well.

Bringer of bad news, Eric Romang, claims to have uncovered the bug:

I can confirm, the zero-day season is really not over. ... [It's] caught by 0 anti-viruses on VirusTotal.
...
Metasploit has released an exploit module "ie_execcommand_uaf"...for IE 7/8/9 on XP/Vista/7.

Jaime Blasco confirms the sighting:

The payload dropped is Poison Ivy as in the previous Java 0day. ... The C&C server configured is ie.aq1.co.uk.
...
Once executed, the payload creates the file C:\WINDOWS\system32\mspmsnsv.dll and the service WmdmPmSN.
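The three indicators in that quote (C&C domain, dropped file, created service) can be swept for in endpoint telemetry. The following is an added example, not code from this article or from any of the sources it quotes; the tab-separated event format, the event kind names and the hosts are constructed assumptions, and the file path is read with its backslashes restored.

```python
import re

# Indicators quoted on this page (file path read with its backslashes restored).
C2_DOMAIN = "ie.aq1.co.uk"
DROPPED_FILE = r"C:\WINDOWS\system32\mspmsnsv.dll"
SERVICE_NAME = "WmdmPmSN"

def domain_hit(name):
    # DNS names are case-insensitive and may end in a root dot. Match the
    # domain or a subdomain of it, never a lookalike prefix or suffix.
    n = name.strip().rstrip(".").lower()
    return n == C2_DOMAIN or n.endswith("." + C2_DOMAIN)

def norm_path(path):
    # Windows paths are case-insensitive and accept either slash, repeated or not.
    return re.sub(r"[\\/]+", r"\\", path.strip().strip('"')).lower()

def path_hit(path):
    return norm_path(path) == norm_path(DROPPED_FILE)

def service_hit(name):
    return name.strip().lower() == SERVICE_NAME.lower()

# Hypothetical event kinds, one matcher per kind.
MATCHERS = {"dns_query": domain_hit, "file_create": path_hit,
            "service_install": service_hit}

def sweep(lines):
    """Return (host, kind, value) for each event that matches an indicator."""
    hits = []
    for line in lines:
        parts = line.rstrip("\n").split("\t")
        if len(parts) != 4:
            continue  # malformed line: skip rather than guess at fields
        _ts, host, kind, value = parts
        check = MATCHERS.get(kind)
        if check and check(value):
            hits.append((host, kind, value))
    return hits

# Constructed sample events: timestamp, host, event kind, value.
SAMPLE = [
    "2000-01-01T00:00:01Z\tws-014\tdns_query\tIE.AQ1.co.uk.",
    "2000-01-01T00:00:02Z\tws-014\tfile_create\tc:/windows/System32\\mspmsnsv.dll",
    "2000-01-01T00:00:03Z\tws-014\tservice_install\twmdmpmsn",
    "2000-01-01T00:00:04Z\tws-020\tdns_query\tmovie.aq1.co.uk",
    "2000-01-01T00:00:05Z\tws-020\tdns_query\tie.aq1.co.uk.example.net",
    "2000-01-01T00:00:06Z\tws-031\tfile_create\tC:\\Users\\a\\Downloads\\mspmsnsv.dll",
    "truncated line with no fields",
]
```

Calling `sweep(SAMPLE)` flags only the three `ws-014` events; the lookalike domains and the same file name in another directory are ignored.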

Too much information? Trevor Pott translates:

...to overcome a particularly nasty bout of insomnia, I decided to find out exactly how the exploit worked. ...there is some broken code in the MSHTML core component. ... [The exploit] is a textbook attempt to force the browser to reuse the memory. ... With a lot of luck and testing on the hackers' part, it's possible to carefully overwrite the memory [with] malicious code - thus hijacking the flow of execution and putting hackers on the road to compromising the machine.
...
Frightening stuff. This is a really basic view of how to create and then divert execution to a malicious block of memory. ...once you have the memory block in hand, you can do all sorts of fun things.
...
What should give systems administrators the heebie jeebies on this one is just how easy it is to use, and to extend.

Meanwhile, Andy Greenberg keeps it simple, stupid:

Microsoft says it’s working on a patch [and] suggests users implement a collection of workarounds.
...
But there’s a simpler fix than any of these: Use Chrome, Safari, or Firefox.


This is OTOH: curated, fluff-free news and commentary, for people too busy to sift the gold from the sludge [NetApp-sponsored content].