http://technet.microsoft.com/en-us/security/advisory/2719615
http://googleonlinesecurity.blogspot.co.uk/2012/06/microsoft-xml-vulnerability-under.html
it's remote exec and affecting all versions of MS... it is nasty :(
no fix yet, but a workaround is available:
===
Apply the Microsoft Fix it solution that blocks the attack vector for this vulnerability
See Microsoft Knowledge Base Article 2719615 for instructions on applying an automated Microsoft Fix it solution that blocks the attack vector for the vulnerability addressed in this advisory. We recommend that administrators review the KB article closely prior to deploying this Fix it solution.
Deploy the Enhanced Mitigation Experience Toolkit
The Enhanced Mitigation Experience Toolkit (EMET) is a utility that helps prevent vulnerabilities in software from successfully being exploited. For more information, see Microsoft Knowledge Base Article 2458544.
Configure EMET for Internet Explorer from the EMET user interface
To add iexplore.exe to the list of applications using EMET, perform the following steps:
- Click Start, click All Programs, click Enhanced Mitigation Experience Toolkit, then click EMET 3.0.
- Click Yes at the UAC prompt, click Configure Apps, then click Add.
- In the window that displays, browse to the application to be configured in EMET.
For 32-bit installations of Internet Explorer the location is:
C:\Program Files (x86)\Internet Explorer\iexplore.exe
Note On 32-bit systems, the path is c:\program files\Internet Explorer\iexplore.exe
For 64-bit installations of Internet Explorer the location is:
C:\Program Files\Internet Explorer\iexplore.exe
- Click OK and exit EMET.
Configure EMET for Internet Explorer from a command line
- For 32-bit installations of Internet Explorer, run the following from an elevated command prompt:
C:\Windows\System32>"c:\Program Files\EMET\EMET_Conf.exe" --add "c:\Program Files (x86)\Internet Explorer\iexplore.exe"
Note For 32-bit systems, the path is c:\program files\Internet Explorer\iexplore.exe
- For x64-based installations of IE, run the following from an elevated command prompt:
C:\Windows\System32>"c:\Program Files (x86)\EMET\EMET_Conf.exe" --add "c:\Program Files\Internet Explorer\iexplore.exe"
- If you have completed this successfully, the following message displays:
"The changes you have made may require restarting one or more applications"
- If the application has already been added in EMET, the following message displays:
Error: "c:\Program Files (x86)\Internet Explorer\iexplore.exe" conflicts with existing entry for "C:\Program Files (x86)\Internet Explorer\iexplore.exe"
Configure Internet Explorer to prompt before running Active Scripting or disable Active Scripting in the Internet and Local intranet security zone
You can help protect against this vulnerability by changing your settings to prompt before running Active Scripting or to disable Active Scripting in the Internet and Local intranet security zone. To do this, follow these steps:
- In Internet Explorer, click Internet Options on the Tools menu.
- Click the Security tab.
- Click Internet, and then click Custom Level.
- Under Settings, in the Scripting section, under Active Scripting, click Prompt or Disable, and then click OK.
- Click Local intranet, and then click Custom Level.
- Under Settings, in the Scripting section, under Active Scripting, click Prompt or Disable, and then click OK.
- Click OK two times to return to Internet Explorer.
Note Disabling Active Scripting in the Internet and Local intranet security zones may cause some websites to work incorrectly. If you have difficulty using a website after you change this setting, and you are sure the site is safe to use, you can add that site to your list of trusted sites. This will allow the site to work correctly.
Note After you set Internet Explorer to require a prompt before it runs ActiveX controls and/or Active Scripting in the Internet zone and in the Local intranet zone, you can add sites that you trust to the Internet Explorer Trusted sites zone. This will allow you to continue to use trusted websites exactly as you do today, while helping to protect you from this attack on untrusted sites. We recommend that you add only sites that you trust to the Trusted sites zone.
To do this, follow these steps:
- In Internet Explorer, click Tools, click Internet Options, and then click the Security tab.
- In the Select a Web content zone to specify its current security settings box, click Trusted Sites, and then click Sites.
- If you want to add sites that do not require an encrypted channel, click to clear the Require server verification (https:) for all sites in this zone check box.
- In the Add this Web site to the zone box, type the URL of a site that you trust, and then click Add.
- Repeat these steps for each site that you want to add to the zone.
- Click OK two times to accept the changes and return to Internet Explorer.
Note Add any sites that you trust not to take malicious action on your computer. Two in particular that you may want to add are "*.windowsupdate.microsoft.com" and "*.update.microsoft.com" (without the quotation marks). These are the sites that will host the update, and it requires an ActiveX Control to install the update.
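The two click-through procedures above (Active Scripting for the Internet and Local intranet zones, then the Trusted sites list) are stored as per-user registry values, so they can be audited and rolled out with a script. The following PowerShell is an added example written for this post; it is not from the Microsoft advisory or the blog author. It assumes the standard Internet Explorer zone storage: value 1400 under Zones\1 (Local intranet) and Zones\3 (Internet) holds Active scripting with 0 = Enable, 1 = Prompt, 3 = Disable, and a host is placed in Trusted sites (zone 2) by a DWORD https (and/or http) = 2 under ZoneMap\Domains\<domain>\<subdomain>. The default site list is the two update hosts the advisory names.

```powershell
<#
  Added example, not part of the Microsoft advisory or this blog post.
  For the current user: report and set "Active scripting" for the Local
  intranet (zone 1) and Internet (zone 3) zones, then add trusted sites.
  Assumed registry layout (standard IE zone storage):
    ...\Internet Settings\Zones\<n>\1400 (DWORD)           0=Enable 1=Prompt 3=Disable
    ...\Internet Settings\ZoneMap\Domains\<domain>\<sub>\https (DWORD) = 2 -> Trusted sites
  Caveat: if Group Policy enforces "Security Zones: Use only machine settings",
  IE reads HKLM instead and the HKCU values written here are ignored.
#>
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    [ValidateSet('Enable', 'Prompt', 'Disable')]
    [string]$ActiveScripting = 'Prompt',
    # Defaults are the two update hosts named in the advisory.
    [string[]]$TrustedSites = @('*.windowsupdate.microsoft.com', '*.update.microsoft.com'),
    # Also trust plain http, i.e. the effect of clearing
    # "Require server verification (https:) for all sites in this zone".
    [switch]$AllowHttp
)

$zonesRoot   = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones'
$zoneMapRoot = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains'
$zones  = @{ '1' = 'Local intranet'; '3' = 'Internet' }
$toCode = @{ Enable = 0; Prompt = 1; Disable = 3 }
$toName = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

# 1. Report the current Active scripting value so the change can be reviewed or reverted.
foreach ($id in $zones.Keys) {
    $key = Join-Path $zonesRoot $id
    $cur = (Get-ItemProperty -Path $key -Name '1400' -ErrorAction SilentlyContinue).'1400'
    $label = if ($null -ne $cur -and $toName.ContainsKey([int]$cur)) { $toName[[int]$cur] } else { "unknown ($cur)" }
    Write-Host ("{0,-15} Active scripting (1400) is currently: {1}" -f $zones[$id], $label)
}

# 2. Apply the requested setting to both zones (-WhatIf previews the change).
foreach ($id in $zones.Keys) {
    $key = Join-Path $zonesRoot $id
    if ($PSCmdlet.ShouldProcess("$($zones[$id]) zone", "Set Active scripting to $ActiveScripting")) {
        Set-ItemProperty -Path $key -Name '1400' -Value $toCode[$ActiveScripting] -Type DWord
    }
}

# 3. Put each site into the Trusted sites zone. "*.update.microsoft.com" is
#    stored as Domains\microsoft.com\update with https = 2 (plus http = 2 if -AllowHttp).
foreach ($site in $TrustedSites) {
    $parts = $site.TrimStart('*').TrimStart('.').Split('.')
    if ($parts.Count -lt 2) { Write-Warning "Skipping '$site': expected at least domain.tld"; continue }
    $domain = $parts[-2..-1] -join '.'
    $sub    = if ($parts.Count -gt 2) { $parts[0..($parts.Count - 3)] -join '.' } else { $null }
    $key    = Join-Path $zoneMapRoot $domain
    if ($sub) { $key = Join-Path $key $sub }

    $schemes = @('https'); if ($AllowHttp) { $schemes += 'http' }
    if ($PSCmdlet.ShouldProcess($site, "Add to Trusted sites ($($schemes -join ','))")) {
        New-Item -Path $key -Force | Out-Null        # creates the key and any missing parents
        foreach ($scheme in $schemes) {
            Set-ItemProperty -Path $key -Name $scheme -Value 2 -Type DWord
        }
    }
}
```

Run it first with -WhatIf to see what would be written, then for example with -ActiveScripting Disable -AllowHttp. Because the values are under HKCU, the script changes only the profile it runs in; to cover every user on a machine it has to run in each user's context or be delivered through Group Policy Preferences, and where the machine-only zone policy is in force the HKLM equivalents are what matter.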
Impact of Workaround:
There are side effects to prompting before running Active Scripting. Many websites that are on the Internet or on an intranet use Active Scripting to provide additional functionality. For example, an online e-commerce site or banking site may use Active Scripting to provide menus, ordering forms, or even account statements. Prompting before running Active Scripting is a global setting that affects all Internet and intranet sites. You will be prompted frequently when you enable this workaround. For each prompt, if you feel you trust the site that you are visiting, click Yes to run Active Scripting. If you do not want to be prompted for all these sites, use the steps outlined in "Add sites that you trust to the Internet Explorer Trusted sites zone".
Labels: secblog, security