
Ugh....
So the attackers can avoid ASLR because mscorie.dll wasn't compiled with the /DYNAMICBASE option?? Way to go... introduce new security feature, then have one of your own dlls not implement said security feature.
Face, meet palm.
Microsoft warned on Wednesday of a new zero-day vulnerability in Internet Explorer. The flaw creates a means for hackers to inject malware onto vulnerable systems, providing surfers are first tricked into visiting booby-trapped websites. As such the flaw poses a severe drive-by download risk. All established versions of IE ( …
Yes, it's embarrassing, but what will be really embarrassing is if they now spend a month without a patch. After all, they've identified that an essential part of the exploit is MSCORIE.dll not being flagged as dynamically re-locatable, and it must be quite stunningly easy to verify that it would be safe to flip that bit because you actually need to try quite hard to create a DLL that isn't safely relocatable. (To judge from their mitigation advice, they've already done this part.)
So, Microsoft, how long will it take to create a patch that flips one bit in one DLL header?
Not *technically* a security bug in Calculator, but there is a security escalation vulnerability in the Help file for Calculator that in some versions of Windows can be used to open a command prompt or execute other applications that a limited user account is otherwise barred from executing.
Come on El Reg. I challenge you to go through all your archives and count the number of articles that have said exactly the same thing. 'Zero Day bug for IE'.
While you are at it and in the spirit of goodwill, how about letting us comment to articles written by AO?
Why does he not allow the readership to comment on his work? Are you trying to hide something? Will it be leaked to WikiLeaks?
Come on El Reg, let us know. That will surely be far more interesting than Zero Day IE Exploits especially at this time of year.
That's me done until 2011. Off down the Brewery to pick up my order for Advent Ale.
Apparently, you've never seen/used the Windows Update feature baked into WinXP-Win7? Last I checked, IE was only necessary (on WinXP only) to manually download patches from MS. Since Vista, the OS simply uses the Windows Update interface to present patches to install. Even in XP, you can cause Windows Update to manually fetch patches. No need for IE.
Interesting phrasing in the linked MS technet article "the only public ways to evade ASLR and DEP is through..."
So, presumably then MS has non-public techniques to get around those protections. Not a real surprise, I guess, but is this another case of security through obscurity? That always works out so well...
We will be applying new Microsoft patches to all our desktop computers to enhance the security of Internet Explorer 6. Please be aware of corporate policy not to attempt to install unauthorised third party browsers. Non-Microsoft browsers are not supported by our IT team or by Microsoft.
Please refrain from using sites, developed by trendy web designers, known to have issues with IE6, such as Facebook or Google Maps. Please use Microsoft services instead.