Microsoft Internet Explorer Vulnerability April 2014

Article #:

Product

Castle

1830

All

All

Summary

A vulnerability has been discovered in Microsoft Internet Explorer versions 6 through 11, which allows remote attackers to execute code or cause a denial of service

Problem

As per the below references, this exploit uses a previously unknown use-after-free vulnerability and a flash exploitation technique to access memory and bypass Windows; ASLR and DEP protections.

Solution

As per the https://technet.microsoft.com/en-US/library/security/2963983 it is recommended that you immediately update all client machines running Microsoft Internet Explorer and ensure that Adobe Flash Player is also up to date as this vulnerability uses a Flash exploitation.

At this current time there are no changes or updates required on your Smoothwall to address this.The following resources may help clarify this issue further:

http://blogs.technet.com/b/microsoft_blog/archive/2014/05/01/updating-internet-explorer-and-driving-security.aspx

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1776

http://www.fireeye.com/blog/uncategorized/2014/04/new-zero-day-exploit-targeting-internet-explorer-versions-9-through-11-identified-in-targeted-attacks.html

https://www.fireeye.com/blog/threat-research/2013/10/aslr-bypass-apocalypse-in-lately-zero-day-exploits.html

http://www.fireeye.com/blog/uncategorized/2014/04/new-zero-day-exploit-targeting-internet-explorer-versions-9-through-11-identified-in-targeted-attacks.html

Attribution:

Last updated:

Author:

Contributions by:

27th March 2017

 

DMT

SN

 

Copyright © 2000-2016 Smoothwall All rights reserved.