WatchGuard Technologies, Inc.
WatchGuard Wire
Improve Your Security IQ

Unpatched IE flaw provides fresh reason to avoid ActiveX

Yesterday, Microsoft's new-ish Security Advisory service quietly admitted the existence of a new unpatched Internet Explorer (IE) vulnerability. Microsoft says this new flaw lies in a Dynamic Link Library (DLL), called javaprxy.dll, which IE uses when processing certain specially crafted Web pages. By enticing you to her malicious Web page, an attacker can exploit this flaw to either crash IE or to execute code on your system with your privileges. If you have local administrative privileges, the attacker gains full control of your system.

We first learned about this vulnerability on Wednesday when SEC-Consult, a security research team, posted an alert to many security mailing lists. At the time, their alert claimed that this vulnerability allowed attackers only to crash IE. They mentioned the possibility that an attacker might exploit this new flaw to execute code, but they hadn't successfully done so themselves. Furthermore, SEC-Consult claims they notified Microsoft of this flaw on June 16 only to receive the response that Microsoft couldn't recreate it. The fact that Microsoft couldn't recreate the flaw and SEC-Consult could only confirm that it crashed IE suggested that the vulnerability posed little risk.

Since then, Microsoft has apparently figured out how to recreate this flaw and has confirmed that an attacker could exploit it to execute code. These new developments change this to a high-risk vulnerability. Microsoft hasn't had time to patch this flaw yet, but they offer a workaround. In a nutshell, Microsoft says you should avoid untrusted ActiveX. (Personally, I think you should always follow this advice, regardless of whether or not a new exploit comes out.) If you'd like more details on how to set IE to prompt you whenever it encounters ActiveX, see the "Suggested Action" section of their alert.
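As an added example that is not part of the original article, the PowerShell script below audits the Internet-zone ActiveX settings that Microsoft's "prompt for ActiveX" workaround refers to and, when run with -Enforce, switches any setting still at Enable over to Prompt. The registry path (Zones\3 is the Internet zone), the action identifiers 1001, 1004, 1200 and 1201, and the action values (0 = Enable, 1 = Prompt, 3 = Disable) are standard IE zone settings known to the editor rather than values taken from the article; the -Enforce switch and the output layout are the editor's own choices.

```powershell
# Added example (not from the WatchGuard article): audit and, optionally, tighten the
# Internet-zone ActiveX settings that Microsoft's workaround relies on.
# Registry layout assumed here is the standard IE zone model:
#   HKCU\...\Zones\3 = Internet zone; action values 0 = Enable, 1 = Prompt, 3 = Disable.
param(
    [switch]$Enforce   # without -Enforce the script only reports
)

$zonePath = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'

# IE zone action identifiers that govern ActiveX behaviour.
$activeXSettings = @{
    '1001' = 'Download signed ActiveX controls'
    '1004' = 'Download unsigned ActiveX controls'
    '1200' = 'Run ActiveX controls and plug-ins'
    '1201' = 'Initialize and script ActiveX controls not marked as safe'
}

$actionNames = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

if (-not (Test-Path $zonePath)) {
    Write-Error "Internet zone key not found at $zonePath"
    return
}

foreach ($id in ($activeXSettings.Keys | Sort-Object)) {
    $current = (Get-ItemProperty -Path $zonePath -Name $id -ErrorAction SilentlyContinue).$id

    if ($null -eq $current) {
        $label = 'not set (zone default)'
    } elseif ($actionNames.ContainsKey([int]$current)) {
        $label = $actionNames[[int]$current]
    } else {
        $label = "unknown ($current)"
    }

    # Anything left at Enable (0), or unset and therefore at the zone default, needs a look.
    $status = if ($null -eq $current -or [int]$current -eq 0) { 'REVIEW' } else { 'ok' }
    "{0,-6} {1,-62} {2,-24} {3}" -f $id, $activeXSettings[$id], $label, $status

    if ($Enforce -and $status -eq 'REVIEW') {
        # 1 = Prompt, which is what the advisory's workaround asks for.
        Set-ItemProperty -Path $zonePath -Name $id -Value 1 -Type DWord
        "       -> set $id to Prompt"
    }
}
```

Run it without arguments first to see which settings are still at Enable; add -Enforce to change them. The script only touches the current user's HKCU hive, so a domain Group Policy that pins these values under HKLM will still take precedence, which is worth checking before assuming the workaround is in place.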

As usual, I'll update you here or via LiveSecurity and LiveSecurity Informer when Microsoft makes a patch available. -- Corey Nachreiner

Copyright© 2010 WatchGuard® Technologies, Inc. You may copy and distribute this article freely in any medium as long as you copy and distribute the entire article without change and preserve this copyright statement and notice.