Tuesday, June 19, 2012

Microsoft Vulnerabilities Workaround

The attack code has been made public for two unpatched Microsoft vulnerabilities. The attack code for CVE-2012-1875 integrated into Metasploit targets Internet Explorer 8 on Windows XP with Service Pack 3.

As described in Microsofts' Security Advisory:
The vulnerability could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker would have no way to force users to visit such a website. Instead, an attacker would have to convince users to visit the website, typically by getting them to click a link in an email message or Instant Messenger message that takes them to the attacker's website.

Microsoft has yet to release a security patch for this vulnerability. However, a Microsoft "Fix it" tool that blocks the attack vector is available for download.

The public availability of exploit code for both of these vulnerabilities increases the chances that they will be exploited in new attacks. Users are advised to install the security patch for CVE-2012-1875 and the Microsoft Fix it tool for CVE-2012-1889 as soon as possible in order to protect themselves.

Because the link to Microsoft's Knowledgebase article (contained in their security advisory) is a 404 (not to mention the advisory is extremely confusing at best), I'm posting direct links here to Microsofts' FixIt Tool for the benefit of our readers.

Microsoft FixIt
As an interim work-around, Microsoft has provided a Microsoft Fix it solution that blocks the attack vector for this vulnerability. It's suggested that you save both files so that you can disable the solution prior to installing the update when it is released.

To Enable Microsoft Fix it 50897 http://go.microsoft.com/?linkid=9811924

This will download a file, MicrosoftFixit50897.msi to your computer. Double-click on the file to run it, accept the licensing agreement, and allow the Fix to install.

To Disable Microsoft Fix it 50898 http://go.microsoft.com/?linkid=9811925
Do this after a patch is released.

Microsoft has released a security patch to address CVE-2012-1875, you can install this by visiting Microsoft update. More information about this vulnerability can be found here: Cumulative Security Update for Internet Explorer (2699988).