Posts Tagged ‘Microsoft Internet Explorer’

How, How, How… It’s Christmas !

Posted by spaquet on January 3, 2011

Well, it looks like Microsoft is giving away some gifts to its best friends, the “hackers”, thanks to another best friend: Googlebot.

According to Michal Zalewski, a security researcher at Google, data concerning at least one “clearly exploitable crash” in the Microsoft browser was inadvertently disclosed to people who were using a Chinese IP address. Details about the bug, which resides in the mshtml.dll component, were stored on a server that had accidentally been indexed by Google…

The bug leads to crashes at arbitrary values of the EIP, or extended instruction pointer, on machines running the Microsoft browser. Zalewski said the flaw “is pretty much fully attacker-controlled.” It was uncovered using cross_fuzz, a security tool the researcher developed in his spare time more than two years ago to identify potential security vulnerabilities in IE, Firefox, and other browsers. Since its release, the tool has helped to identify nearly 100 browser bugs.

More information can be obtained at Michal’s blogs: here and here

Internet Explorer 7 “Safe Mode”

Posted by spaquet on December 18, 2010

In Internet Explorer version 7, Microsoft introduced a “Protected Mode” intended to prevent exploit code from accessing sensitive parts of Windows (like Registry settings, and more).

However, a group of Verizon researchers wrote a paper (available here) on a way to exploit an unpatched vulnerability to gain access to all machines that have the Local Intranet Zone enabled.

If confirmed, this bypass offers a way to carry out stealthy drive-by exploits even when victims are using recent versions of Internet Explorer with the feature known as Protected Mode. It combines two facts: sockets are not subject to Mandatory Integrity Control, and sites in the Local Intranet Zone are rendered with Protected Mode disabled.
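Because the bypass depends on the Local Intranet Zone being rendered without Protected Mode, a defender can check how each zone is configured on a machine. The script below is an added example, not code from this post or from the Verizon paper. It assumes the standard Internet Settings registry layout, where value `2500` holds the Protected Mode setting (0 = enabled, 3 = disabled), and its lookup order across policy and preference keys is a simplification.

```powershell
# Added example: report the Protected Mode state of each IE security zone.
# Assumption: value "2500" under ...\Internet Settings\Zones\<n> controls
# Protected Mode (0 = enabled, 3 = disabled).
$zones = @(
    @{ Id = 1; Name = 'Local Intranet' },
    @{ Id = 2; Name = 'Trusted Sites' },
    @{ Id = 3; Name = 'Internet' },
    @{ Id = 4; Name = 'Restricted Sites' }
)

# Simplified precedence: machine policy, user policy, user setting, machine setting.
$roots = @(
    'HKLM:\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones',
    'HKCU:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones'
)

function Get-ProtectedModeSetting {
    param([int]$ZoneId)
    foreach ($root in $roots) {
        $key  = Join-Path $root "$ZoneId"
        $prop = Get-ItemProperty -Path $key -Name '2500' -ErrorAction SilentlyContinue
        if ($null -ne $prop) {
            # First key that defines the value wins.
            return [pscustomobject]@{ Source = $key; Value = [int]$prop.'2500' }
        }
    }
    return $null   # value not defined anywhere: IE's built-in zone default applies
}

foreach ($z in $zones) {
    $s = Get-ProtectedModeSetting -ZoneId $z.Id
    if ($null -eq $s)         { $state = 'not set (zone default applies)'; $src = '-' }
    elseif ($s.Value -eq 0)   { $state = 'ENABLED';  $src = $s.Source }
    elseif ($s.Value -eq 3)   { $state = 'DISABLED'; $src = $s.Source }
    else                      { $state = "unexpected value $($s.Value)"; $src = $s.Source }
    [pscustomobject]@{ Zone = $z.Name; ProtectedMode = $state; Source = $src }
}

# Remediation for the current user: turn Protected Mode on for the Local Intranet Zone.
# Set-ItemProperty -Path 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1' `
#     -Name '2500' -Value 0 -Type DWord
```

A `DISABLED` or unset result for the Local Intranet Zone is the condition the paper relies on; Protected Mode is off for that zone by default.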

UP4B offers a wide range of process and network analysis to make sure that your network is protected against what is really important for your business: information leaks, network protection (penetration testing, …), network availability and more.

Feel free to contact us for more information on our IT Security services and get your company IT Sec ready.