DBSA:2014-0009

From Digibase Knowledge Base
Revision as of 21:45, 29 April 2014 by Kradorex Xeron (talk | contribs)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

Disclaimer: as technology changes, advisories may become out of date or may no longer be relevant, please refer to the "Date" section of the header to be sure the advisory is recent as pertains to your situation.

Digibase Security Advisory - Internet Explorer Security (RE: Recent 0day)

Keywords: IE, Internet Explorer, Vulnerabilities, 0day, Ongoing Issue

DBSA ID: 2014-0009

Regarding: Internet Explorer Security (RE: Recent 0day)

Writeup: Kradorex Xeron (talk) 21:45, 29 April 2014 (EDT)

Date: 2014 04 29

Last Modified: 20140429214512 by Kradorex Xeron

Who should take note: Everyone

Classification

Priority: MODERATE

Rationale: Continued Use of Internet Explorer may open users up to various security incidents

Severity: HIGH

Rationale: Due to Internet Explorer's integration into Windows, it is deemed that Internet Explorer is too sensitive to expose to the Internet

Spread of Issue: SINGLE-PLATFORM HIGH

Rationale: Affects a large market share of web browser users

Description

Internet Explorer is a web browser software package released by Microsoft, typically bundled with Windows. Recently there has been a 0day released where Internet Explorer versions 6.0 through 11.0 installations may be tricked into executing code from a remote server. This vulnerability permits an attacker to corrupt the browser's memory range where the dropped data may be pushed into executable memory thus executing that injected code. Internet Explorer is heavily integrated into Windows and thus is a potentially sensitive component.

Internet Explorer is an add-on to Windows without direct support and thus doesn't have enough of a security backing to be properly secured by the vendor. This is made apparent by the continued existence of ActiveX and the ongoing integration by the vendor into Windows that places users at risk.

Mitigation/Solution

It is strongly advised to stop usage of Internet Explorer and migrate to another browser platform such as Mozilla Firefox, Opera or a similar browser due to the security history of the browser.

Corporate web application developers are strongly advised to refactor their applications to work under alternate browsers, where cases that this isn't possible, system administrators are advised to lock down Internet Explorer and forbid installations to access the Internet while using it solely for these applications while continuing use of alternate browsers for such use.

References