Welcome to Smokey's Security Forums.
Guests have only limited access to the board and it's features, please consider registering to gain full access!
Registration is free and it only takes a few moments to complete.

Smokey's Security Forums

Please login or register.

Login with username, password and session length
Advanced search  

News:

It’s a slow month for Microsoft, as far as patch releases go.
Microsoft Patches 8 Vulnerabilities in Windows and Office.
Windows 7 is not affected in the default configuration.

Microsoft Patches 8 Vulnerabilities in Windows and Office

OTL Log Analysis and Malware Removal - Qualified PC Disinfection & Cleaning - Microsoft Security Info & Alert Center - Official Jetico Inc. Support Forums

Share this topic on FacebookShare this topic on MySpaceShare this topic on Del.icio.usShare this topic on DiggShare this topic on RedditShare this topic on StumbleUponShare this topic on TwitterAuthorTopic: MS09-054: Extra info on the attack surface for the IE security bulletin  (Read 163 times)

0 Members and 1 Guest are viewing this topic.

rv56Topic starter

  • VIP Member
  • *****
  • Offline Offline
  • location: Saskatchewan, Canada
  • Posts: 1506
MS09-054: Extra info on the attack surface for the IE security bulletin
« Reply #1 on: October 13, 2009, 11:01:00 PM »
MS09-054: Extra info on the attack surface for the IE security bulletin
12 October 2009, 4:36 pm

MS09-054  addresses an IE vulnerability (CVE-2009-2529), which was discovered and presented by Mark Dowd, Ryan Smith, and David Dewey at the BlackHat conference in July. We would like to go into more details in this blog post to help you understand more about this vulnerability.

What’s the attack vector?

A browse-and-get-owned attack vector exists. All that is needed is for a user to be lured to a malicious website. Triggering this vulnerability involves the use of a malicious XBAP (XAML Browser Application). Please not that while this attack vector matches one of the attack vectors for MS09-061, the underlying vulnerability is different.  Here, the affected process is the Windows Presentation Foundation (WPF) hosting process, PresentationHost.exe.

While the vulnerability is in an IE component, there is an attack vector for Firefox users as well. The reason is that .NET Framework 3.5 SP1 installs a “Windows Presentation Foundation” plug-in in Firefox, as shown below.



Via this plug-in it is possible to launch XBAP, and reach this vulnerability, from within Firefox.

How can I protect myself?

For IE users, our recommended workaround is to disable XBAP in the Internet zone. By default, IE8 on Win2k8 and Win2k3 already has XBAP disabled in the internet zone. For others, you can disable XBAP via the following security setting in IE.



For Firefox users with .NET Framework 3.5 installed, you may use “Tools”-> “Add-ons” -> “Plugins”, select “Windows Presentation Foundation”, and click “Disable”.

Also, if you would like to uninstall the “Windows Presentation Foundation” plug-in from Firefox, please refer to Microsoft’s KB article “How to remove the .NET Framework Assistant for Firefox“.

Big thanks to David Ross, Fermin J. Serna, and Andrew Roths from the MSRC Engineering Team, Eric Lawrence and Jeremy Reed from IE team, and Jennifer Lee from WPF team.

 

Source: Security Research & Defense

 

* Permissions
You can't post new topics.
You can't post replies.
You can't post attachments.
You can't modify your posts.
 BBCode Enabled
Smilies Enabled
[img] Enabled
HTML Disabled


Except where otherwise stated, all content Copyright © 2006 - 2010 Smokey Services™ -- All rights reserved

Surf Smokey's with confidence: all external links in posts are checked and rated by WOT - Web of Trust
Security Knowledge-, Alert- & News Center and Comprehensive Microsoft Windows Information & Download Center
Board- and databases search functions and the download of post attachments are only available to registered board members

    


==>Think your PC is infected? Click here for OTL Log Analysis and Malware Removal Assistance<==


Smokey's Security Forums provide full qualified OTL Log Analysis & Cleaning Services
OTL (formerly OTListIt2) by OldTimer is a sophisticated, comprehensive log analysis tool to clean PCs with malicious content

Microsoft Security Info & Alert Center - most recent, real-time released Microsoft Security Bulletins, Alerts, Advisories and Vulnerabilities:
<div style="background-color: none transparent;"><a href="http://www.rsspump.com/?web_widget/rss_widget" title="rss widget">Rss widget</a></div>