-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Reference: CERT-EU Security Advisory 2013-0069 Title: Microsoft Alert Vulnerability in Internet Explorer Could Allow Remote Code Execution [1] Version history: 18.09.2013 Initial publication Summary ======= Microsoft is investigating public reports of a vulnerability in all supported versions of Internet Explorer. Microsoft is aware of targeted attacks that attempt to exploit this vulnerability in Internet Explorer 8 and Internet Explorer 9. Applying the Microsoft Fix it solution, "CVE-2013-3893 MSHTML Shim Workaround," prevents the exploitation of this issue. See the Suggested Actions section of this advisory for more information. CVE number: CVE-2013-3893 Vulnerable systems ================== Internet Explorer 6 Internet Explorer 7 Internet Explorer 8 Internet Explorer 9 Internet Explorer 10 Internet Explorer 11 Windows XP Service Pack 3 Windows XP Professional x64 Edition Service Pack 2 Windows Server 2003 Service Pack 2 Windows Server 2003 x64 Edition Service Pack 2 Windows Server 2003 with SP2 for Itanium-based Systems Windows Vista Service Pack 2 Windows Vista x64 Edition Service Pack 2 Windows Server 2008 for 32-bit Systems Service Pack 2 Windows Server 2008 for x64-based Systems Service Pack 2 Windows Server 2008 for Itanium-based Systems Service Pack 2 Windows 7 for 32-bit Systems Service Pack 1 Windows 7 for x64-based Systems Service Pack 1 Windows Server 2008 R2 for x64-based Systems Service Pack 1 Windows Server 2008 R2 for Itanium-based Systems Service Pack 1 Windows 8 for 32-bit Systems Windows 8 for 64-bit Systems Windows Server 2012 Windows RT Windows 8.1 for 32-bit Systems Windows 8.1 for 64-bit Systems Windows Server 2012 R2 Windows RT 8.1 Original Details [1] ================ The vulnerability is a remote code execution vulnerability. The vulnerability exists in the way that Internet Explorer accesses an object in memory that has been deleted or has not been properly allocated. The vulnerability may corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user within Internet Explorer. An attacker could host a specially crafted website that is designed to exploit this vulnerability through Internet Explorer and then convince a user to view the website. On completion of this investigation, Microsoft will take the appropriate action to protect our customers, which may include providing a solution through our monthly security update release process, or an out-of-cycle security update, depending on customer needs. What can you do? ================ Apply Workarounds. Apply the Microsoft Fix it solution, "CVE-2013-3893 MSHTML Shim Workaround", that prevents exploitation of this issue. See Microsoft Knowledge Base Article 2887505 [2] to use the automated Microsoft Fix it solution to enable or disable this workaround. Deploy the Enhanced Mitigation Experience Toolkit. The Enhanced Mitigation Experience Toolkit (EMET) helps mitigate the exploitation of this vulnerability by adding additional protection layers that make the vulnerability harder to exploit. EMET 3.0 and EMET 4.0 are officially supported by Microsoft. At this time, EMET is only available in the English language. For more information, see Microsoft Knowledge Base Article 2458544 [3]. What to tell your users? ======================== N/A More information ================ [1] http://technet.microsoft.com/en-us/security/advisory/2887505 [2] http://support.microsoft.com/kb/2887505 [3] http://support.microsoft.com/kb/2458544 Best regards, CERT-EU Pre-configuration Team (http://cert.europa.eu) Phone: +32.2.2990005 / e-mail: cert-eu@ec.europa.eu PGP KeyID 0x46AC4383 FP: 9011 6BE9 D642 DD93 8348 DAFA 27A4 06CA 46AC 4383 Privacy Statement: http://cert.europa.eu/cert/plainedition/en/cert_privacy.html -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQIcBAEBAgAGBQJSOdEyAAoJEPpzpNLI8SVoJG8P/08OKgOkZVWehHZ4hVw5QXQ2 KohS+9cNVNTkfJcJZqumRSUfHupt1fj8xtUKS+sjAXAgIuymFiYKFAt9+LlZi6uf ynFUu0arvSox0inVTZvgKC8mdQBAAl6ylhuN0etlh6l0r5OiH9eRVJvDI9Ra9Hdx F2csK/aiRVfZ1wTAIJEfJNk7u8gewdX599VtXb1DxflbE2ReVlfUj4dFKf7GPKo9 WavhcPS0eLUh5h3yGiq/DAVRgirf6VSYcN78Ac6y/CmiJ8/U+tmc+lPqRUAmiAnl ND6srFB+w7LfGNVoeQTWYLO2KVTOjrOSESLDvDNfXDnazdP1FuN+l1Z/KEkMFZEy gIav096VervC7KQp99yRwAxqBlikPKLQTcIQYHtmYFcxYo2X+f7AtPYRj3kEXpjJ 48waxNtNfPc+y7/eDRJBzUUFTAClHBjtz89BrvAZK55L/18eaMcxnQfdQYpq1BrO RGuku3JRuID8i2Gq0/90NzMHSQBbWXpzOs7kpjLC5UPAcZN+2F139WHKC/nEWxNa wQj3bsqoC+fA2TmMYXDHJa6v5MyMklfA9l86pRcVEKDYHWTuVezxjUc0/s9ev8bb gYh+vjF7uX1NzbM14ZMdPYQ1kDBr51KO1NoqwOLvthnjN6UKHagMB4tbUSE/cGe3 74qwVDJv85xFW11jND99 =7xA2 -----END PGP SIGNATURE-----