CVE-2013-3893 – ISC Threat Level: Yellow

[Due to the fact that this new threat is getting pretty good attention across the security vendors and researchers I thought would be good to write a short summary about it.]

Microsoft released security advisory # 2887505 on the 17th September announcing vulnerability (CVE-2013-3893) impacting Internet Explorer versions 6 through 11. Microsoft, Fireeye, TrendMicro and SANS are aware of targeted attacks that attempt to exploit this vulnerability. Furthermore, the Internet Storm Center (SANS) increased their Infocon threat level to yellow due to increased evidence of exploits in the wild.  FireEye has discovered a campaign leveraging this vulnerability labeled Operation Deputy Dog part 1 and part 2. Websense reports that up to 70% of PCs are vulnerable. More in-depth technical details about how this Use After Free vulnerability in IE’s HTML rendering engine (mshtml.dll) is being exploited can be found on Microsoft Security Research and Defense blog.

IE users are advised to apply the Microsoft Fix it solution, “CVE-2013-3893 MSHTML Shim Workaround“, that prevents exploitation of this issue and deploy the Enhanced Mitigation Experience Toolkit (EMET) to protect against exploitation until a permanent fix is released. In addition there are set of workarounds that Microsoft encourages IE users to deploy. For the perimeter, Checkpoint, Juniper, Mcafee, SourceFire, Tipping point and the all the other major vendors have signature for it.

Since this attack could pose a serious security threat to your intellectual property, the Operation Deputy Dog camping done by Fireeye contains some indicators that could be searched across your logs (Unique HTTP Agent ID, Filenames, IP Addresses, Domain names) and/or used on your security infrastructure.

If you are concerned about the risk associated with this vulnerability please exercise caution when visiting websites or opening email addresses from suspicious senders.

Advertisements
Tagged ,

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

gb_master's /dev/null

... and I said, "Hello, Satan. I believe it's time to go."

Source Code Auditing, Reversing, Web Security

Finding Hidden codes in the software

BruteForce Lab

security, programming, devops, visualization, the cloud

Count Upon Security

Increase security awareness. Promote, reinforce and learn security skills.

Naked Security

Computer Security News, Advice and Research

Didier Stevens

(blog \'DidierStevens)

malwology

Adventures in double-clicking malware / by Anuj Soni

Rational Survivability

Hoff's Ramblings about Information Survivability, Information Centricity, Risk Management and Disruptive Innovation.

SANS Internet Storm Center, InfoCON: green

Increase security awareness. Promote, reinforce and learn security skills.

TaoSecurity

Increase security awareness. Promote, reinforce and learn security skills.

Schneier on Security

Increase security awareness. Promote, reinforce and learn security skills.

Technicalinfo.net Blog

Increase security awareness. Promote, reinforce and learn security skills.

Lenny Zeltser

Increase security awareness. Promote, reinforce and learn security skills.

Krebs on Security

In-depth security news and investigation

%d bloggers like this: