New Zero-Day Exploit targeting IE9-11 CVE-2014-1776

L4 Transporter

Hello

I'd like to share with you (sad) news about IE http://www.fireeye.com/blog/uncategorized/2014/04/new-zero-day-exploit-targeting-internet-explorer-v...

and response from Microsoft https://technet.microsoft.com/library/security/2963983

This will probably be the first issue on Windows XP that will never be patched.

We are waiting for the 433 Threat Prevention update ... I hope it will be released soon as an emergency update.

Regards

Slawek

L6 Presenter

Coverage to be provided in version 433

-Renato

Possible Emergency update. Will update thread accordingly.

Indeed it is

Update is ready to download!

L4 Transporter

slv wrote:

Hello

I'd like to share with you (sad) news about IE http://www.fireeye.com/blog/uncategorized/2014/04/new-zero-day-exploit-targeting-internet-explorer-v...

and response from Microsoft https://technet.microsoft.com/library/security/2963983

This will probably be the first issue on Windows XP that will never be patched.

We are waiting for the 433 Threat Prevention update ... I hope it will be released soon as an emergency update.

Regards

Slawek

I'd like to point out that you can move towards mitigating this, even on XP, by installing EMET on your PC (http://support.microsoft.com/kb/2458544)

This allows you to "sandbox" critical processes (in this case, IE) from being exploited by this bug.

It's not perfect, but coupled with the content release by PA, you can certainly minimise your risk should you be in a position (like me) where you simply can't get rid of XP (completely) for whatever reason.

L1 Bithead

Palo Alto newbie here. If the signature has been downloaded and installed (we have threat prevention) with the default action of reset-client, does that mean my "inside" machines are protected from the exploit?

Hello ICarder,

Yes, if the default action is "reset-client", then the PAN firewall will drop the connection and the end machines are protected from the exploit.

Thanks

L4 Transporter

So how can you identify if the zero day is in your network? What is the remediation for it and does the PA just alert for it or remove it?

As soon as the PAN firewall identifies the signature of that packet, it will reset (send TCP RST) the connection (drop the connection). Also you will be able to see the same information under threat logs.

Thanks

L4 Transporter

L2 Linker

I'd like to create a custom app-ID signature to allow me to block all use of IE on the network... I'm having trouble with the regex for the user-agent string... anyone care to help?
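As an added example (not from any poster in this thread, and not PAN-OS custom signature syntax), the User-Agent matching asked about above can be prototyped in Python to inventory which clients still browse with IE 9-11. The function names, the log format and the sample lines are assumptions constructed for illustration.

```python
import re

# Trident engine token -> real IE major version. It stays truthful even when
# Compatibility View makes the browser announce "MSIE 7.0".
TRIDENT_TO_IE = {"4.0": 8, "5.0": 9, "6.0": 10, "7.0": 11}
TRIDENT_RE = re.compile(r"\bTrident/(\d\.\d)\b")
# IE 10 and earlier carry "MSIE <major>.<minor>"; IE 11 dropped that token.
MSIE_RE = re.compile(r"\bMSIE (\d+)\.\d+")

# Constructed sample proxy log (assumed format: client IP, then quoted UA).
SAMPLE_LOG = [
    '10.0.0.11 "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)"',
    '10.0.0.12 "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0)"',
    '10.0.0.13 "Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko"',
    '10.0.0.14 "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/7.0)"',
    '10.0.0.15 "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)"',
    '10.0.0.16 "Mozilla/5.0 (Windows NT 6.1; rv:28.0) Gecko/20100101 Firefox/28.0"',
]

def ie_major_version(user_agent):
    """Return the Internet Explorer major version, or None if not IE."""
    if "Opera" in user_agent:  # old Opera builds could send an MSIE token
        return None
    trident = TRIDENT_RE.search(user_agent)
    if trident and trident.group(1) in TRIDENT_TO_IE:
        return TRIDENT_TO_IE[trident.group(1)]
    msie = MSIE_RE.search(user_agent)  # IE 7 and older have no Trident token
    return int(msie.group(1)) if msie else None

def affected_clients(log_lines, versions=(9, 10, 11)):
    """Map client IP -> IE major version for the versions in the thread title."""
    hits = {}
    for line in log_lines:
        ip, _, ua = line.partition(" ")
        major = ie_major_version(ua.strip('"'))
        if major in versions:
            hits[ip] = major
    return hits

if __name__ == "__main__":
    for ip, major in sorted(affected_clients(SAMPLE_LOG).items()):
        print(f"{ip} IE {major}")
```

The User-Agent header is set by the client, so this is an inventory aid for finding hosts to patch or harden rather than an enforcement control.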
