Microsoft Internet Explorer Vulnerability April 2014

Article #: Product Castle
1830 All All

Summary

A vulnerability has been discovered in Microsoft Internet Explorer versions 6 through 11, which allows remote attackers to execute code or cause a denial of service

Problem

As per the below references, this exploit uses a previously unknown use-after-free vulnerability and a flash exploitation technique to access memory and bypass Windows; ASLR and DEP protections.

Solution

As per the https://technet.microsoft.com/en-US/library/security/2963983 it is recommended that you immediately update all client machines running Microsoft Internet Explorer and ensure that Adobe Flash Player is also up to date as this vulnerability uses a Flash exploitation.

At this current time there are no changes or updates required on your Smoothwall to address this.The following resources may help clarify this issue further:

http://blogs.technet.com/b/microsoft_blog/archive/2014/05/01/updating-internet-explorer-and-driving-security.aspx

http://www.fireeye.com/blog/uncategorized/2014/04/new-zero-day-exploit-targeting-internet-explorer-versions-9-through-11-identified-in-targeted-attacks.html

https://www.fireeye.com/blog/threat-research/2013/10/aslr-bypass-apocalypse-in-lately-zero-day-exploits.html

http://www.fireeye.com/blog/uncategorized/2014/04/new-zero-day-exploit-targeting-internet-explorer-versions-9-through-11-identified-in-targeted-attacks.html

Attribution:

Last updated: Author: Contributions by:
27th March 2017  

DMT

SN