Internet Explorer still a problem child
Microsoft can find no peace with Internet Explorer. At the forthcoming Black Hat security conference, security specialist Jorge Luis Alvarez Medina from Core Security plans to demonstrate vulnerabilities which can be exploited by a crafted website to read arbitrary files from a Windows PC.
The problem is reportedly not new and is based on the failure of Internet Explorer's security zone settings to bite when a path is entered in UNC (Uniform Naming Convention) format in the browser (e.g. \\127.0.0.1\pfad\dateiname). This means that under specific conditions JavaScript from the Internet Zone can access local files, despite the fact that the zone model is intended to prevent this. Medina is to publish details of the vulnerability at the Black Hat conference on the 3rd of February.
Core Security reported two other such cross-domain vulnerabilities to Microsoft in 2008 and 2009 (here and here), for which Microsoft released updates. So far, however, Microsoft has merely patched things up without addressing the actual core problem. There are other routes for getting around the zone model however. According to Medina, these routes are very hard to block, since they relate to fundamental functions of the browser designed to enable it to work seamlessly with other applications.
All versions of Internet Explorer, from version 6 to 8, on all versions of Windows including Windows 7 are affected. Microsoft is reported to have been informed of the problem and to be working with Core Security on a solution. There are no reports of successful attacks making use of this vulnerability. To date neither Medina nor Microsoft have issued any advice on protection.
Just last week, Microsoft was forced to release an emergency patch to fix a critical vulnerability in its browser which is thought to have been used by Chinese hackers to penetrate Google, Adobe and other US businesses.
Users should consider using an alternative, such as Firefox, Chrome or Opera. Although these browsers also contain critical security vulnerabilities – with developers frequently fixing critical bugs in Firefox in particular – there have so far been almost no zero day exploits for these vulnerabilities. Criminals continue to concentrate their attacks on Internet Explorer. Firefox's growing market share may mean, however, that it too could soon find itself under increasing fire.
See also:
- Microsoft Security Bulletin MS10-002 - Critical, security advisory from Microsoft.
- Security feature of Internet Explorer 8 unsafe, a report from The H.
- Windows hole discovered after 17 years, a report from The H.
- Internet Explorer hole: Help is at hand, a report from The H.
- Hole in Internet Explorer: Good news and bad news, a report from The H.
- Targeted attacks on businesses continue, a report from The H.
- Warning over using Internet Explorer from German Government as exploit goes public, a report from The H.
(crve)
![Kernel Log: Coming in 3.10 (Part 3) [--] Infrastructure](/imgs/43/1/0/4/2/6/7/2/comingin310_4_kicker-4977194bfb0de0d7.png)
![Kernel Log: Coming in 3.10 (Part 3) [--] Infrastructure](/imgs/43/1/0/4/2/3/2/3/comingin310_3_kicker-151cd7b9e9660f05.png)
