Become a fan of Slashdot on Facebook

 



Forgot your password?
typodupeerror
×
Internet Explorer Bug HP Microsoft Security

HP Researchers Disclose Details of Internet Explorer Zero Day 49

Trailrunner7 writes: Researchers at HP's Zero Day Initiative have disclosed full details and proof-of-concept exploit code for a series of bugs they discovered that allow attackers to bypass a key exploit mitigation in Internet Explorer. The disclosure is a rarity for ZDI. The company typically does not publish complete details and exploit code for the bugs it reports to vendors until after the vulnerabilities are fixed. But in this case, Microsoft has told the researchers that the company doesn't plan to fix the vulnerabilities, even though the bugs were serous enough to win ZDI's team a $125,000 Blue Hat Bonus from Microsoft. The reason: Microsoft doesn't think the vulnerabilities affect enough users.

The vulnerabilities that the ZDI researchers submitted to Microsoft enable an attacker to fully bypass ASLR (address space layout randomization), one of the many mitigations in IE that help prevent successful exploitation of certain classes of bugs. ZDI reported the bugs to Microsoft last year and disclosed some limited details of them in February. The researchers waited to release the full details until Microsoft fixed all of the flaws, but Microsoft later informed them that they didn't plan to patch the remaining bugs because they didn't affect 64-bit systems.
This discussion has been archived. No new comments can be posted.

HP Researchers Disclose Details of Internet Explorer Zero Day

Comments Filter:
  • Internet Explorer? (Score:5, Insightful)

    by ArcadeMan ( 2766669 ) on Tuesday June 23, 2015 @05:18PM (#49973191)

    Even Microsoft doesn't care about Internet Explorer anymore, why should we?

    • They are pushing their new "more secure" Edge browser now.
      If they keep fixing IE, what can they claim Edge is more secure than?

    • by Anonymous Coward

      Even Microsoft doesn't care about 32-bit Internet Explorer anymore, why should anyone?

      FTFY

      -AC

  • some people still use that crap?

    • Exactly what I was thinking. They're right, the vulnerability doesn't effect enough users: it's in Internet Explorer.
    • Re:IE? (Score:4, Funny)

      by KiloByte ( 825081 ) on Tuesday June 23, 2015 @07:07PM (#49973781)

      What else will you download Firefox with on a new system?

  • So, Microsoft thinks there aren't many people with 32-bit versions of Windows that use vulnerable versions of Internet Explorer.

    Even if they are wrong today, they will be right as soon as word of this gets out and people start panicking.

    • I doubt that most Windows users will ever hear of it. The vulnerability will probably be around for years to come providing years of entertainment for security professionals and identity theft resolution departments.

      • It isn't a vulnerability, it's a counter-mitigation technique. So 32-bit Windows isn't as effective at mitigating unknown vulnerabilities as 64-bit Windows; nothing new there.

    • by bloodhawk ( 813939 ) on Tuesday June 23, 2015 @05:37PM (#49973307)

      Read the details of the exploit. Even a successful exploitation of this yields Sweet fuck All for the attacker. You need to be running on 32 bit, have some sort of software that publishes cookies on localhost like a local website and all you get is the cookie. The vulnerability would be applicable to a fraction of a percent of machines and even then it isn't exactly giving up the crown jewels.

      • No, those are two unrelated issues. There's an exploit against IE that allows an attacker to steal localhost cookies. This affects both 32-bit and 64-bit Windows, and will presumably be patched in due course. Then there's a new counter-mitigation technique, which only affects IE on 32-bit Windows, and which Microsoft apparently aren't planning to fix. That one might allow an attacker, in possession of an exploit that potentially allows code execution, to run code when the mitigation would otherwise have

    • Except for the US Navy and their shiny new $1.9 million contract to maintain Windows XP. I wonder how many installations are 32-bit...
    • "So, Microsoft thinks there aren't many people with 32-bit versions of Windows that use vulnerable versions of Internet Explorer."

      There are thousands upon thousands of people still running this. I work for a very large national corporation who, unfortunately, still use WinXP and IE7.
      • I'm not sure IE7 even includes the mitigations that this technique defeats. If you run old software, you're more exposed to bugs - nothing new about that.

  • by l0n3s0m3phr34k ( 2613107 ) on Tuesday June 23, 2015 @05:38PM (#49973309)
    "is not too rare" per TFA. That seems to be part of said vulnerability. I've had some major clients run a localized IIS / SQL This won't effect the majority of users then, but it will specifically effect a huge number of corporate users. One client that has a setup that would be affected, with 5000+ users...who also have very juicy account info, at least for other large pharma corps who are also doing trials on diabetic drugs, cardio drugs, etc.
  • I could have read about this on Secunia, my windows xp would have never had any problems.

    Oh wait, I only run linux in my house.

  • The documented exploits are almost completely worthless, especially: "As for local IP address disclosure, this can be used to map an organization behind a NAT,"

    Guess this 'researcher' has never considered using IPv6.
  • The vulnerability described in the first link appears to be completely unrelated to the vulnerability discussed in the second link. One is a straightforward information exposure vulnerability, the other is a counter-mitigation technique that bypasses ASLR.

    I've checked the detailed reports, too; neither "ASLR" nor "mitigation" appear in the first report, and neither "cookies" nor "localhost" appear in the second report. They're from different people and different organizations. Apart from the fact that th

You know you've landed gear-up when it takes full power to taxi.

Working...