[CCoE Notice] Vulnerability in Internet Explorer Could Allow Remote Code Execution - RISK: HIGH - TLP: WHITE

Luong, Kiet A KDLuong at Central.UH.EDU
Tue Apr 29 09:59:11 CDT 2014


Good morning,

Based on this recommendation from the campus security team, please DO NOT use Internet Explorer as your web browser until further notice.  Alternate web browsers, typically Mozilla Firefox, Safari and Google Chrome, should be used instead.  Firefox should have been installed as an alternate browser by our group for the majority of the college supported computers.

If you have any issues using alternate web browsers, or if you need any help determining which web browser you're using, please do not hesitate to email me for help.  It is vital that you discontinue the use of Internet Explorer (IE) immediately.  Computers that are victims of this vulnerability will grant total access to hackers who will be able to view your emails, documents, web browsing data (e.g. banking website passwords), research data, student data, etc.

Thank you for your attention and cooperation in this matter.

Kiet Luong
Director of Engineering Computing
College Information Security Officer
Cullen College of Engineering
University of Houston
Email: KietL at uh.edu
Voice: 713.743.9974



From: security-officer-bounces+mdickerson=uh.edu at lists.state.tx.us On Behalf Of Block, Edward
Sent: Monday, April 28, 2014 8:27 AM
To: 'security-officer at lists.state.tx.us'; security at lists.state.tx.us
Subject: [Security-officer] FW: CIS CYBER SECURITY ADVISORY - Vulnerability in Internet Explorer Could Allow Remote Code Execution - RISK: HIGH - TLP: WHITE
Importance: High

This morning Microsoft released an advisory on a vulnerability in Internet Explorer (all versions are affected, apparently) which can potentially give an attacker complete control of the victim system.

At this point there is NO patch available.  The chief recommendation is to use an alternate browser until a patch is made available.

Thank you,
Eddie


Edward Block, J.D., CISSP, CIPP/G, CISA
Deputy Chief Information Security Officer, State of Texas
Texas Department of Information Resources
300 West 15th Street | Suite 1300 | Austin, TX 78701
v.512.463.8807
edward.block at dir.texas.gov

TLP:WHITE
CIS CYBER SECURITY ADVISORY

CIS ADVISORY NUMBER:
2014-039

DATE(S) ISSUED:
4/28/2014

SUBJECT:
Vulnerability in Internet Explorer Could Allow Remote Code Execution

EXECUTIVE SUMMARY:
A vulnerability has been discovered in Microsoft's web browser, Internet Explorer, which could allow an attacker to take complete control of an affected system. Successful exploitation of this vulnerability could result in an attacker gaining the same privileges as the logged on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

THREAT INTELLIGENCE:
It should be noted that there is currently no patch available for this vulnerability and it is currently being exploited in the wild. Microsoft is reporting targeted attacks that attempt to exploit this vulnerability in Internet Explorer 6 through Internet Explorer 11.

SYSTEMS AFFECTED:
*   Microsoft Internet Explorer 6
*   Microsoft Internet Explorer 7
*   Microsoft Internet Explorer 8
*   Microsoft Internet Explorer 9
*   Microsoft Internet Explorer 10
*   Microsoft Internet Explorer 11

RISK:
Government:
*   Large and medium government entities: High
*   Small government entities: High

Businesses:
*   Large and medium business entities: High
*   Small business entities: High

Home users: High

TECHNICAL SUMMARY:
A vulnerability has been reported affecting all versions of Internet Explorer that could allow for remote code execution. This vulnerability exists due to the way that Internet Explorer accesses an object in memory that has been deleted or has not been properly allocated. The vulnerability may corrupt memory in a way that could allow an attacker to execute arbitrary code, in the context of the current user, within Internet Explorer. An attacker could host a specially crafted website designed to take advantage of this vulnerability, and then convince or trick an unsuspecting user to visit their site.

Successful exploitation of this vulnerability could result in an attacker gaining the same privileges as the logged on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

It should be noted that there is currently no patch available for this vulnerability and it is currently being exploited in the wild.  Microsoft is reporting targeted attacks that attempt to exploit this vulnerability in Internet Explorer 6 and Internet Explorer 11.

RECOMMENDATIONS:
We recommend the following actions be taken:

*   Consider using an alternate browser until a patch is made available for the vulnerable versions of Internet Explorer.
*   Consider implementing Microsoft's Enhanced Mitigation Experience Toolkit (EMET) as it has been reported to make the vulnerability difficult to exploit.
*   Run Internet Explorer with Protected Mode enabled
*   Set Internet and Local intranet security zone settings to "High"
*   Remind users not to visit un-trusted websites or follow links provided by unknown or un-trusted sources.
*   Run all software as a non-privileged user (one without administrative privileges) to diminish the effects of a successful attack.

REFERENCES:
Fireeye:
http://www.fireeye.com/blog/uncategorized/2014/04/new-zero-day-exploit-targeting-internet-explorer-versions-9-through-11-identified-in-targeted-attacks.html

Microsoft:
https://technet.microsoft.com/en-US/library/security/2963983
http://technet.microsoft.com/en-US/security/jj653751

CVE:
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1776

The Center for Internet Security (CIS)
Security Operations Center
31 Tech Valley Drive
East Greenbush, NY 12061
7x24 SOC: 1-866-787-4722 (518-266-3488)
Email: soc at cisecurity.org
www.cisecurity.org
Follow us @CISecurity


TLP:WHITE
Traffic Light Protocol (TLP): WHITE information may be distributed without restriction, subject to copyright controls.
http://www.us-cert.gov/tlp/
This message and attachments may contain confidential information. If it appears that this message was sent to you by mistake, any retention, dissemination, distribution or copying of this message and attachments is strictly prohibited. Please notify the sender immediately and permanently delete the message and any attachments.
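
Added example, not part of the original e-mail or the CIS advisory: a PowerShell audit of three of the recommendations above (zone security level "High", Protected Mode, and running without administrative privileges). It assumes the per-user zone settings under HKCU are the ones in effect; the function name `Get-IEZoneAudit` is hypothetical.

```powershell
# Added example: audit the current user's IE zone settings (HKCU only, an assumption).
$zonesRoot = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones'
$zones  = @{ 1 = 'Local intranet'; 3 = 'Internet' }
$levels = @{ 0x10000 = 'Low'; 0x10500 = 'Medium-low'; 0x11000 = 'Medium'
             0x11500 = 'Medium-high'; 0x12000 = 'High' }

function Get-IEZoneAudit {
    foreach ($id in ($zones.Keys | Sort-Object)) {
        $props = Get-ItemProperty -Path (Join-Path $zonesRoot $id) -ErrorAction SilentlyContinue

        # CurrentLevel is the zone's security-level slider; 0x12000 means "High".
        $raw = if ($props) { $props.CurrentLevel } else { $null }
        $level = 'Not set'
        if ($null -ne $raw) {
            $level = if ($levels.ContainsKey([int]$raw)) { $levels[[int]$raw] } else { 'Custom (0x{0:X})' -f $raw }
        }

        # URL action 2500 is Protected Mode: 0 = enabled, 3 = disabled.
        $pm = if ($props) { $props.'2500' } else { $null }
        $protected = 'Zone default'
        if ($null -ne $pm) {
            $protected = if ($pm -eq 0) { 'Enabled' } elseif ($pm -eq 3) { 'Disabled' } else { "Unknown ($pm)" }
        }

        [pscustomobject]@{
            Zone          = $zones[$id]
            SecurityLevel = $level
            MeetsHigh     = ($raw -eq 0x12000)
            ProtectedMode = $protected
        }
    }
}

# Is this session running with administrative rights? With UAC, an unelevated
# session of an administrator account reports False here.
$identity = [Security.Principal.WindowsIdentity]::GetCurrent()
$isAdmin  = ([Security.Principal.WindowsPrincipal]$identity).IsInRole(
                [Security.Principal.WindowsBuiltInRole]::Administrator)

Get-IEZoneAudit | Format-Table -AutoSize
"Running with administrative privileges: $isAdmin"
```

On machines where zone settings are pushed by Group Policy, the effective values live under the corresponding `Software\Policies` key instead, so "Not set" here means the policy location still needs to be checked.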