topic Re: New Zero-Day Exploit targeting IE9-11 CVE-2014-1776 in General Topics

New Zero-Day Exploit targeting IE9-11 CVE-2014-1776

_slv_ — Mon, 28 Apr 2014 09:09:08 GMT

Hello

Id like to share with You (sad) news about IE http://www.fireeye.com/blog/uncategorized/2014/04/new-zero-day-exploit-targeting-internet-explorer-versions-9-through-11-identified-in-targeted-attacks.html

and response from Microsoft https://technet.microsoft.com/library/security/2963983

This is probably will be first issiue on Windows XP that will be never patched.

We are wating for 433 Thread prevention update ... I hope it will be realeased soon as a emergency update.

Regards

Slawek

Re: New Zero-Day Exploit targeting IE9-11 CVE-2014-1776

gswcowboy — Mon, 28 Apr 2014 15:37:14 GMT

Coverage to be provided in version 433

-Renato

Re: New Zero-Day Exploit targeting IE9-11 CVE-2014-1776

gswcowboy — Mon, 28 Apr 2014 19:06:34 GMT

Possible Emergency update. Will update thread accordingly.

Re: New Zero-Day Exploit targeting IE9-11 CVE-2014-1776

hshah — Mon, 28 Apr 2014 19:49:52 GMT

Indeed it is

Re: New Zero-Day Exploit targeting IE9-11 CVE-2014-1776

_slv_ — Mon, 28 Apr 2014 20:40:15 GMT

Update is ready to dwonload!

Re: New Zero-Day Exploit targeting IE9-11 CVE-2014-1776

darren_g — Tue, 29 Apr 2014 01:42:09 GMT

slv wrote:

Hello

and response from Microsoft https://technet.microsoft.com/library/security/2963983

This is probably will be first issiue on Windows XP that will be never patched.

We are wating for 433 Thread prevention update ... I hope it will be realeased soon as a emergency update.

Regards

Slawek

I'd like to point out that you can move towards mitigating this, even on XP, by installing EMET on your PC (http://support.microsoft.com/kb/2458544)

This allows you to "sandbox" critical processes (in this case, IE) from being exploited by this bug.

It's not perfect, but coupled with the content release by PA, you can certainly minimise your risk should you be in a position (like me) where you simply can't get rid of XP (completely) for whatever reason.

Re: New Zero-Day Exploit targeting IE9-11 CVE-2014-1776

ICarder — Wed, 30 Apr 2014 20:57:24 GMT

Palo Alto newbie here. If the signature has been downloaded and installed(we have threat prevention) with the default action of reset-client, does that mean my "inside" machines are protected from the exploit?

Re: New Zero-Day Exploit targeting IE9-11 CVE-2014-1776

HULK — Wed, 30 Apr 2014 22:46:16 GMT

Hello ICarder,

Yes, if the default action is "reset-client", then PAN firewall will drop the connection and end machines are protected from the exploit.

Thanks

Re: New Zero-Day Exploit targeting IE9-11 CVE-2014-1776

infotech — Thu, 01 May 2014 13:10:43 GMT

So how can you identify if the zero day is in your network? What is the remidiation for it and does the PA just alert for it or remove it?

Re: New Zero-Day Exploit targeting IE9-11 CVE-2014-1776

HULK — Fri, 02 May 2014 03:22:05 GMT

As soon as PAN firewall will identify the signature of that packet, it will reset ( send TCP RST) the connection ( drop the collection). Also you will be able to see the same information under threat logs.

Thanks

Re: New Zero-Day Exploit targeting IE9-11 CVE-2014-1776

_slv_ — Sat, 03 May 2014 09:34:46 GMT

Microsoft made a patch for XP http://blogs.technet.com/b/microsoft_blog/archive/2014/05/01/updating-internet-explorer-and-driving-security.aspx for this 0-day!

Re: New Zero-Day Exploit targeting IE9-11 CVE-2014-1776

CoreySteele — Sat, 03 May 2014 16:27:20 GMT

I'd like to create a custom app-ID signature to allow me to block all use of IE on the network... I'm having trouble with the regex for the user-agent string... anyone care to help? :smileyblush: