BleepingComputer.com: Extremely Critical Exploit Of Ie6 Vulnerability Now In The Wild


Extremely Critical Exploit Of Ie6 Vulnerability Now In The Wild

#1 Security Geek

  • Member
  • Group: Members
  • Posts: 39
  • Joined: 10-March 06

  Posted 23 March 2006 - 09:02 PM

An extremely critical exploit of the IE6 "createTextRange() Code Execution" vulnerability is now in the wild. SANS Internet Storm Center has raised the threat condition to Yellow and Secunia is labeling this "Extremely Critical", their highest threat rating. No patch is currently available so either be extremely careful where you surf or switch browsers to Firefox or Opera.

You can read more at NIST.org. Please return here to post comments.

#2 acklan

  • Bleepin' cat's meow
  • Group: Members
  • Posts: 8,524
  • Joined: 11-January 05
  • Location:Baton Rouge, La.

Posted 24 March 2006 - 07:44 AM

Is there a reason you chose not to link to the SANS report directly? I do not question if you quoted accurately, it would be nice to have the full report and the secondary information they list with it.
While no biggie the complete article is very informative...

http://www.sans.org/top20/#w2
"2007 & 2008 Windows Shell/User Award"

#3 Security Geek

  • Member
  • Group: Members
  • Posts: 39
  • Joined: 10-March 06

Posted 24 March 2006 - 09:14 PM

Quote

Is there a reason you chose not to link to the SANS report directly? I do not question if you quoted accurately, it would be nice to have the full report and the secondary information they list with it.
While no biggie the complete article is very informative...
http://www.sans.org/top20/#w2


The article I linked to contained 4 different links (SANS, Secunia, MS, and CNet) with the thought that this article would get updated as more information came out. It's just easier to make all the changes in one place.

The link you provided does tell people how to turn off active scripting and ActiveX controls. Even MS is recommending people turn off ActiveX to mitigate for this exploit. I just keep asking myself what reasons are left to keep using Internet Explorer.

SANS has lowered the threat condition back to Green. But their reason why sounds like they just wanted everyone's stress level to go down for the weekend.

Quote

We feel that everyone that is going to has reacted to the latest exploit for IE and wanted to start the weekend in normal mode.

But then they say:

Quote

We do want to remind everyone however that this is a serious problem. We have received information that at least a dozen sites exist out there that are working the exploits.

So the problem is only getting worse so you can't actually relax. They should have just left it at yellow.

#4 tg1911

  • Lord Spam Magnet
  • Group: Site Admin
  • Posts: 18,434
  • Joined: 06-May 04
  • Gender:Male
  • Location:SW Louisiana

Posted 24 March 2006 - 10:10 PM

Security Geek, on Mar 24 2006, 08:14 PM, said:

I just keep asking myself what reasons are left to keep using Internet Explorer.

Windows Updates
The only reason I can think of. :thumbsup:
MOBO: GIGABYTE GA-MA790X-UD4P, CPU: Phenom II X4 955 Deneb BE, HS/F: CoolerMaster V8, RAM: 2 x 1G Kingston HyperX DDR2 800, GPU: eVGA GeForce 9800 GTX+, PSU: Antec TruePower Modular 750W, Soundcard: Asus Xonar D1, Case: CoolerMaster COSMOS 1000, Storage: Internal - 2 x Seagate 250GB SATA, 2 x WD 1TB SATA; External - Seagate 500GB USB, WD 640GB eSATA, 3 x WD 1TB eSATA

#5 rms4evr

  • Distinguished Member
  • Group: Members
  • Posts: 811
  • Joined: 11-October 05
  • Gender:Female
  • Location:East Coast

Posted 24 March 2006 - 11:16 PM

tg1911, on Mar 24 2006, 10:10 PM, said:

Security Geek, on Mar 24 2006, 08:14 PM, said:

I just keep asking myself what reasons are left to keep using Internet Explorer.

Windows Updates
The only reason I can think of. :thumbsup:


LOL!!!! :flowers:

#6 Rimmer

  • Forum Addict
  • Group: Members
  • Posts: 2,159
  • Joined: 18-March 05
  • Location:near Sydney, Australia

Posted 25 March 2006 - 12:37 AM

Quote

Windows Updates
The only reason I can think of. smile.gif


That and certain software bundles which refuse to install unless you have IE. I got caught today with a DVD burner package which would not install without IE 5.5 or higher being present. :thumbsup:

Soltek QBIC, Pentium 4 3.0GHz, 512MB RAM, 200GB SATA HDD, ATI Radeon 9600XT 256MB, Netgear 54Mb/s WAP, ridiculously expensive Satellite Broadband
Windows XP Home SP2, Trend Micro Internet Security, Firefox, Thunderbird, AdAwareSE, Spybot S&D, SpywareBlaster, A-squared Free, Ewido Security Suite.

#7 quietman7

  • Bleepin' Janitor
  • Group: Global Moderator
  • Posts: 25,111
  • Joined: 09-July 05
  • Location:Virginia, USA

Posted 25 March 2006 - 07:59 AM

Well, there is always this for windows update run from Firefox: http://windowsupdate.62nds.com/

Another alternative is to install the IE Tab add-on extension for Firefox; you can perform Windows Update checks from there as well as perform online scans that normally require IE.

Install the Add-on from here: https://addons.mozilla.org/extensions/morei...ication=firefox
Microsoft MVP - Consumer Security 2007-2012
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#8 quietman7

  • Bleepin' Janitor
  • Group: Global Moderator
  • Posts: 25,111
  • Joined: 09-July 05
  • Location:Virginia, USA

Posted 27 March 2006 - 11:46 AM


#9 jgweed

  • Forum Addict
  • Group: Global Moderator
  • Posts: 27,228
  • Joined: 11-April 04
  • Gender:Male
  • Location:Chicago, Il.

Posted 27 March 2006 - 12:22 PM

According to this blog at the Washington Post, over 200 sites have been infected with code:
http://blog.washingtonpost.com/securityfix...plorer_f_1.html

Regards,
John
Whereof one cannot speak, thereof one should be silent.

#10 Security Geek

  • Member
  • Group: Members
  • Posts: 39
  • Joined: 10-March 06

Posted 27 March 2006 - 05:50 PM

And to make matters worse this vulnerability is now actively being exploited through email attachments. It's recommended to treat all mail attachments with .HTA, .HTM, and .HTML extensions as suspect until this matter is resolved. See SANS.org advisory.
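
The attachment advice in the post above, written as a mail-triage check (an added example, not part of the original thread or of any SANS tooling). The function names `suspect_attachments` and `build_sample` are hypothetical, the sample message is constructed, and flagging HTML-typed attachments that carry no filename goes one step beyond the extension list in the post.

```python
import os
from email import message_from_bytes, policy
from email.message import EmailMessage

# Extensions the post says to treat as suspect until a patch ships.
SUSPECT_EXTENSIONS = {".hta", ".htm", ".html"}
# Assumption beyond the post: the same content can arrive with no filename,
# so also flag the MIME types used for HTML pages and HTML Applications.
SUSPECT_TYPES = {"text/html", "application/hta"}


def suspect_attachments(raw_message: bytes):
    """Return (filename, content_type, reason) for each suspect attachment."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    findings = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        filename = part.get_filename()
        ctype = part.get_content_type()
        is_attachment = part.get_content_disposition() == "attachment" or bool(filename)
        if not is_attachment:
            continue  # inline body part, not an attachment
        # Windows ignores trailing dots and spaces, so "x.hta." opens as "x.hta".
        name = (filename or "").strip().rstrip(". ")
        ext = os.path.splitext(name)[1].lower()  # last extension wins: a.txt.hta -> .hta
        if ext in SUSPECT_EXTENSIONS:
            findings.append((filename, ctype, "extension"))
        elif ctype in SUSPECT_TYPES:
            findings.append((filename, ctype, "content-type"))
    return findings


def build_sample() -> bytes:
    """Constructed sample message (not real traffic) with three attachments."""
    m = EmailMessage()
    m["Subject"] = "Read More"
    m.set_content("See the attached story.")
    m.add_attachment(b"<html></html>", maintype="application",
                     subtype="octet-stream", filename="story.HTA")
    m.add_attachment(b"%PDF-", maintype="application",
                     subtype="pdf", filename="report.pdf")
    m.add_attachment("<html></html>", subtype="html")  # HTML part with no filename
    return m.as_bytes()


if __name__ == "__main__":
    for finding in suspect_attachments(build_sample()):
        print(finding)
```
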

#11 quietman7

  • Bleepin' Janitor
  • Group: Global Moderator
  • Posts: 25,111
  • Joined: 09-July 05
  • Location:Virginia, USA

Posted 28 March 2006 - 07:55 AM


#12 jgweed

  • Forum Addict
  • Group: Global Moderator
  • Posts: 27,228
  • Joined: 11-April 04
  • Gender:Male
  • Location:Chicago, Il.

Posted 28 March 2006 - 11:39 AM

NOTE:

All members should be advised that you use third-party "fixes" at your own risk.
As of this writing the code to the fix has not been made public, and has not been examined by independent experts. While this could change at any time, it would not mitigate a cautious approach to installing any third-party security fixes.
Most users would be better off using the work-arounds suggested, such as using an alternate browser and disabling (even though a pain) ActiveX scripting in IE, and reading all E-mails in "plain text" mode.
Regards,
John

This post has been edited by jgweed: 28 March 2006 - 11:39 AM

#13 quietman7

  • Bleepin' Janitor
  • Group: Global Moderator
  • Posts: 25,111
  • Joined: 09-July 05
  • Location:Virginia, USA

Posted 28 March 2006 - 12:20 PM

jgweed is correct.

The article clearly quotes a Microsoft Security Response Center spokesman as stating "Microsoft doesn't recommend installing eEye's fix."

#14 quietman7

  • Bleepin' Janitor
  • Group: Global Moderator
  • Posts: 25,111
  • Joined: 09-July 05
  • Location:Virginia, USA

Posted 28 March 2006 - 02:15 PM


#15 quietman7

  • Bleepin' Janitor
  • Group: Global Moderator
  • Posts: 25,111
  • Joined: 09-July 05
  • Location:Virginia, USA

Posted 30 March 2006 - 03:34 PM

Quote

This is an update to earlier alerts posted...Attackers have begun spamming e-mail lures in an attempt to attract users to infected websites. These e-mail messages contain excerpts from actual BBC news stories and offer a link to "Read More". Users who follow this link are taken to a website that is a spoofed copy of the BBC news story from the e-mail...
websensesecuritylabs.com/alerts
