Defending against that Internet Explorer exploit

Filed Under: Malware, Vulnerability

"The world is waiting for the patch from Microsoft to fix a critical flaw in Internet Explorer. Guest blogger Paul Ducklin, Sophos’s Asia-Pacific head of technology, describes the steps you can take to defend your computers. Over to you Paul…"

Paul Ducklin

As soon as Microsoft's new Internet Explorer patch comes out (this is scheduled for later today), apply it. This closes the hole which the exploit uses. That means there will be no buffer overflow, and the browser retains control. Infection does not occur.

If your anti-virus software includes a BOPS feature (Buffer Overflow Prevention System), turn it on. BOPS can detect that a buffer overflow has happened and freeze your browser before it is tricked into running the shellcode. Infection does not occur.

If your anti-virus has an IE plugin (sometimes called a BHO or Browser Helper Object), turn it on. This can detect that a web page containing an exploit is about to be displayed inside the browser. The page is blocked so there is no buffer overflow. Infection does not occur.

Make sure your anti-virus is active and has been updated recently. This means that the malware program downloaded by the exploit will be blocked and thus cannot be installed. Infection does not occur.

Lastly, if you are one of the increasing number of users who have switched operating system, e.g. to Mac OS X, or have switched browser, e.g. to Firefox or Opera, don't sit back and smirk at your IE-using chums!

The advice about prompt patching and the effective use of anti-virus and other security software applies to you too.

For example, Apple just published a whopping 190MB update to OS X (which now goes to version 10.5.6), including numerous important security fixes. Opera went from 9.62 to 9.63 on Tuesday, again to close some known security holes. And Firefox has today notified users of the release of version 3.0.5, fixing what they call "several security issues", including three considered "critical -- vulnerability can be used to run attacker code and install software, requiring no user interaction beyond normal browsing". (Exactly the sequence of events used by the Internet Explorer attacks.)

One mitigating factor for Firefox and Opera users is that we're not yet aware of any active exploitation online of those vulnerabilities. Still, best not take the chance. Get those patches downloaded ASAP.

Oh, and if you get a new netbook for Christmas, don't forget that you need to patch it before you start showing it off to your parents, children, spouse, partner, chums! Sorry to be a wowser on Christmas Day, but patches really are important, especially when they close holes which the bad guys are already well aware of.

About the author

Paul Ducklin is a passionate security proselytiser. (That's like an evangelist, but more so!) He lives and breathes computer security, and would be happy for you to do so, too. Paul won the inaugural AusCERT Director's Award for Individual Excellence in Computer Security in 2009. Follow him on Twitter: @duckblog