Microsoft Released Security Advisory for Vulnerability in Internet Explorer

Today Microsoft released security advisory against vulnerabilities  in internet explorer 6,7,8,9 but internet explorer 10 is not affected according to post.
according to post :” A remote code execution vulnerability exists in the way that Internet Explorer accesses an object that has been deleted or has not been properly allocated. The vulnerability may corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user within Internet Explorer. An attacker could host a specially crafted website that is designed to exploit this vulnerability through Internet Explorer and then convince a user to view the website. “
Microsoft officially suggested in advisory 
 ” At this time, EMET is provided with limited support and is only available in the English language. For more information, see Microsoft Knowledge Base Article 2458544.

rapid7 team ( team behind development of well know metasploit project ) published detailed info about this exploit with exploit code

official suggestion :
Configure EMET for Internet Explorer from the EMET user interface
  • To add iexplore.exe to the list of applications using EMET, perform the following steps:
  • Click Start, All Programs, Enhanced Mitigation Experience Toolkit, and EMET 3.0.
  • Click Yes on the UAC prompt, click Configure Apps, then select Add. Browse to the application to be configured in EMET.
  • For 32-bit installations of Internet Explorer the location is:
  • C:\Program Files (x86)\Internet Explorer\iexplore.exe
  • Note For 32-bit systems, the path is c:program filesInternet Exploreriexplore.exe
  • For 64-bit installations of Internet Explorer the location is:
  • C:Program FilesInternet Exploreriexplore.exe
  • Click OK and exit EMET.
but its best idea to dont use internet explorer until Microsoft release a patch for this vulnerability till then use google chrome or mozilla firefox 
Tagged With : -
Add Comment