Ten birds with one stone - Microsoft patches Internet Explorer
Microsoft has released an out-of-schedule update, closing the critical hole in Internet Explorer which has been known for about three weeks (iepeers.dll) – as well as nine further, previously unknown holes. However, not all of the holes are contained in all the supported versions. The risk of a successful attack also varies with the browser version and Windows version targeted. This is due to the improved security features in recent versions of IE (such as protected mode) and Windows (DEP, ASLR).
The "F1 hole" disclosed four weeks ago still remains unpatched. It targets the MsgBox VBScript function, which can download help files (.hlp) from a remote source and execute arbitrary commands via macros contained in these files. However, this does require some user interaction as the user must confirm by pressing the F1 key.
It seems Microsoft did not have enough time to also patch the hole in Internet Explorer 8 recently disclosed during the Pwn2Own contest. Contestant Peter Vreugdenhil managed to crack Internet Explorer 8 on Windows 7 despite ASLR and DEP. The available information about this security hole, however, is currently limited to a rather unspecific post by Vreugdenhil.
See also:
- Cumulative Security Update for Internet Explorer, security advisory from Microsoft.
- Pwn2Own 2010: iPhone hacked - as well as IE 8, Firefox and Safari, a report from The H.
- Exploit for new IE hole, a report from The H.
- Attacks on newly discovered vulnerability in IE 6 and 7, a report from The H.
- Zero day exploit for Internet Explorer, a report from The H.
(crve)