| Microsoft Internet Explorer 0day Vulnerability Exploded Again Fast Pre-Alert and Prevention Measures from NSFOCUS |
| |
Following the Microsoft's IE browser "Aurora" 0day vulnerability that was disclosed on January 14 this year which triggers a large-scale Trojan horse attacks, a serious 0day vulnerability (Microsoft IE malformed object operation memory corruption flaw CVE-2010-0806) broke out on Microsoft's IE browser again yesterday affecting all the major versions of IE browsers including IE7.0, IE6.0 SP1, and IE6.0, etc.
Due to a memory corruption vulnerability in the handling of illegal operations, a remote attacker could execute code on the user's system and take complete control of the system by luring users to visit a malicious Web page. This is a 0day vulnerability. Attacks exploiting this vulnerability were reported presently, and with the spread of technical details, will potentially be exploited in more large-scale Trojan horse attacks. Microsoft Co. has been informed of this vulnerability and has started to do some research about it. But until now, no security patches for this vulnerability are available.
For such a situation, security experts of NSFOCUS implemented a quick study of the vulnerability, and developed detection rules and prevention algorithms within 2 days of its exposure. NSFOCUS also applies these technologies to relevant products:
- NSFOCUS Remote Security Assessment System (RSAS V5.0.6.22 and later versions) can detect the vulnerability accurately.
- NSFOCUS Network Intrusion Prevention System (NIPS V5.6.0.106 and later versions) can discover and block attacks targeting at this vulnerability.
- NSFOCUS Network Intrusion Detection System (NIDS V5.6.0.106 and later versions) can detect attacks targeting at this vulnerability effectively.
Since no official security patch is released by Microsoft Co., this vulnerability may cause severe harm to your network. NSFOCUS recommends users to harden the host by adjusting the security level of the host and the browser. (For workaround of this vulnerability, please consult NSFOCUS Alert 2010-04 at: http://www.nsfocus.net/index.php?act=alert&do=view&aid=110.)
Enterprise-level users can promptly adjust the security rules of corporate firewall and intrusion protection products, to meet the security risks of this vulnerability. Users who have no relevant NSFOCUS products deployed can consult NSFOCUS technical engineers for workaround. |
| |
| |
|
| |
About NSFOCUS
NSFOCUS Information Technology Co., Ltd is committed to researching network and system security issues, developing high-end network security products, and providing professional network security consultation services. We provide international competitive products and services on DDoS prevention, network intrusion prevention and detection, remote security assessment, and Web security.
More detailed information is available at http://www.nsfocus.com
|
|
|
|
