Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Extremely Critical Exploit Of Ie6 Vulnerability Now In The Wild


  • Please log in to reply
17 replies to this topic

#1 Security Geek

Security Geek

  • Members
  • 39 posts
  • OFFLINE
  •  
  • Local time:09:58 AM

Posted 23 March 2006 - 09:02 PM

An extremely critical exploit of IE6 "createTextRange()" Code Execution" vulnerability is now in the wild. SANS Internet Storm Center has raised the threat condition to Yellow and Secunia is labeling this "Extremely Critical", their highest threat rating. No patch is currently available so either be extremely careful where you surf or switch browsers to Firefox or Opera.

You can read more at NIST.org. Please return here to post comments.

BC AdBot (Login to Remove)

 


#2 acklan

acklan

    Bleepin' cat's meow


  • Members
  • 8,529 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Baton Rouge, La.
  • Local time:08:58 AM

Posted 24 March 2006 - 07:44 AM

Is there a reason you choose not to link to the SANS report directly? I do not question if you quoted acturately, it would be nice to have the full report and the secondary information they list with it.
While no biggie the complete article is very informative...

http://www.sans.org/top20/#w2
"2007 & 2008 Windows Shell/User Award"

#3 Security Geek

Security Geek
  • Topic Starter

  • Members
  • 39 posts
  • OFFLINE
  •  
  • Local time:09:58 AM

Posted 24 March 2006 - 09:14 PM

Is there a reason you choose not to link to the SANS report directly? I do not question if you quoted acturately, it would be nice to have the full report and the secondary information they list with it.
While no biggie the complete article is very informative...
http://www.sans.org/top20/#w2


The article I linked to contained 4 different links (SANS, Secunia, MS, and CNet) with the thought that this article would get updated as more information came out. Its just easier to make all the changes in one place.

The link you provided does tell people how to turn off active scripting and ActiveX controls. Even MS is recommending people turn off ActiveX to mitigate for this exploit. I just keep asking myself what reasons are left to keep using Internet Explorer.

SANS has lowered the threat condition back to Green. But their reason why sounds like they just wanted everyone's stress level to go down for the weekend.

We feel that everyone that is going to has reacted to the latest exploit for IE and wanted to start the weekend in normal mode.

But then they say:

We do want to remind everyone however that this is a serious problem. We have received information that at least a dozen sites exist out there that are working the exploits.

So the problem is only getting worse so you can't actually relax. They should have just left it at yellow.

#4 tg1911

tg1911

    Lord Spam Magnet


  • Members
  • 19,274 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:SW Louisiana
  • Local time:08:58 AM

Posted 24 March 2006 - 10:10 PM

I just keep asking myself what reasons are left to keep using Internet Explorer.

Windows Updates
The only reason I can think of. :thumbsup:
MOBO: GIGABYTE GA-MA790X-UD4P, CPU: Phenom II X4 955 Deneb BE, HS/F: CoolerMaster V8, RAM: 2 x 1G Kingston HyperX DDR2 800, VGA: ECS GeForce Black GTX 560, PSU: Antec TruePower Modular 750W, Soundcard: Asus Xonar D1, Case: CoolerMaster COSMOS 1000, Storage: Internal - 2 x Seagate 250GB SATA, 2 x WD 1TB SATA; External - Seagate 500GB USB, WD 640GB eSATA, 3 x WD 1TB eSATA

Become a BleepingComputer fan: Facebook

#5 rms4evr

rms4evr

  • Members
  • 812 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:East Coast
  • Local time:10:58 AM

Posted 24 March 2006 - 11:16 PM


I just keep asking myself what reasons are left to keep using Internet Explorer.

Windows Updates
The only reason I can think of. :thumbsup:


LOL!!!! :flowers:

#6 Rimmer

Rimmer

  • Members
  • 2,159 posts
  • OFFLINE
  •  
  • Location:near Sydney, Australia
  • Local time:12:58 AM

Posted 25 March 2006 - 12:37 AM

Windows Updates
The only reason I can think of. smile.gif


That and certain software bundles which refuse to install unless you have IE . I got caught today with a DVD burner package which would not install without IE 5.5 or higher being present. :thumbsup:

Soltek QBIC, Pentium 4 3.0GHz, 512MB RAM, 200GB SATA HDD, ATI Radeon 9600XT 256MB, Netgear 54Mb/s WAP, ridiculously expensive Satellite Broadband
Windows XP Home SP2, Trend Micro Internet Security, Firefox, Thunderbird, AdAwareSE, Spybot S&D, SpywareBlaster, A-squared Free, Ewido Security Suite.

#7 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,122 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:10:58 AM

Posted 25 March 2006 - 07:59 AM

Well, there is always this for windows update run from Firefox: http://windowsupdate.62nds.com/

Another alternative is to install the IE Tab add-on extension for Firefox, you can perform windows update checks from there as well as perform online scans that normally require IE.

Install the Add-on from here: https://addons.mozilla.org/extensions/morei...ication=firefox
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#8 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,122 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:10:58 AM

Posted 27 March 2006 - 11:46 AM

More news today: Internet Explorer exploits in the wild
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#9 jgweed

jgweed

  • Staff Emeritus
  • 28,473 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Chicago, Il.
  • Local time:09:58 AM

Posted 27 March 2006 - 12:22 PM

According to this blog at the Washington Post, over 200 sites have been infected with code:
http://blog.washingtonpost.com/securityfix...plorer_f_1.html

Regards,
John
Whereof one cannot speak, thereof one should be silent.

#10 Security Geek

Security Geek
  • Topic Starter

  • Members
  • 39 posts
  • OFFLINE
  •  
  • Local time:09:58 AM

Posted 27 March 2006 - 05:50 PM

And to make matters worse this vulnerability is now actively being exploited through email attachments. Its recommended to treat all mail attachments with .HTA, .HTM, and .HTML extensions as suspect until this matter is resolved. See SANS.org advisory.

#11 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,122 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:10:58 AM

Posted 28 March 2006 - 07:55 AM

Third party offers temporary IE fix
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#12 jgweed

jgweed

  • Staff Emeritus
  • 28,473 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Chicago, Il.
  • Local time:09:58 AM

Posted 28 March 2006 - 11:39 AM

NOTE:

All members should be advised that you use third-party "fixes" at your own risk.
As of this writing the code to the fix has not been made public, and has not been examined by independent experts. While this could change at any time, it would not mitigate a cautious approached to installing any third-party security fixes.
Most users would be better off using the work-arounds suggested, such as using an alternate browser and disabling (even 'though a pain) active X scripting in IE, and reading all E-mails in "plain text" mode.
Regards,
John

Edited by jgweed, 28 March 2006 - 11:39 AM.

Whereof one cannot speak, thereof one should be silent.

#13 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,122 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:10:58 AM

Posted 28 March 2006 - 12:20 PM

jgweed is correct.

The article clearly quotes a Microsoft's Security Response Center spokesman as stating "Microsoft doesn't recommend installing eEye's fix."
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#14 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,122 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:10:58 AM

Posted 28 March 2006 - 02:15 PM

Microsoft tests fix for IE bug as exploits appear
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#15 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,122 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:10:58 AM

Posted 30 March 2006 - 03:34 PM

This is an update to earlier alerts posted...Attackers have begun spamming e-mail lures in an attempt to attract users to infected websites. These e-mail messages contain excerpts from actual BBC news stories and offer a link to "Read More". Users who follow this link are taken to a website that is a spoofed copy of the BBC news story from the e-mail...

websensesecuritylabs.com/alerts
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users