Windows smashed by Explorer exploit

Internet Explorer has become an even bigger security risk -- even on Windows XP SP2 -- with the publication of a new and extensive exploit.

Security researchers have warned that the exploit -- which takes advantage of known loopholes in SP2 -- could allow an attacker to run script code on a user's system via a specially crafted Web page.

The holes involved have been known publicly for more than two months, but previous exploit techniques required the user to take actions such as dragging an image from one part of a Web page to another. The new exploit -- a demonstration of which has been published by Danish security firm Secunia -- is fully automated, requiring the user only to visit a Web page in Explorer. Other browsers and operating systems aren't affected.

"There now is a 'reliable' working exploit that can compromise an SP2 system by just visiting a Web page," Secunia chief technology officer Thomas Kristensen told Techworld. Secunia has raised its warning level to its highest "extremely critical" level.

Security group Greyhats warned of the new type of exploit in an advisory late last month. Secunia then upgraded its advisory to "extremely critical" and published a demonstration based on a proof-of-concept by a researcher known as ShredderSub7. US-CERT, the US' computer security alert organization, has also published an advisory on the issue.

Microsoft has warned users to turn off IE's "Drag and drop or copy and paste files" option as a partial solution. The danger can also be lessened by setting security levels to high for the "Internet" zone or, as several security firms pointed out, using another browser.

The exploit is the first major weakness in SP2 to have surfaced. Microsoft is promoting SP2, released last year, as a solution to many of Windows' worst security problems.

Researchers have identified three separate, but related issues in IE: a bug in the validation of certain drag-and-drop events, and zone restriction errors with embedded HTML Help ActiveX controls. The first problem can be avoided by disabling the "Drag and drop or copy and paste files" option, but the new exploit doesn't rely on this particular bug, researchers said.

The HTML Help control exploit bypasses one of SP2's key features, the "Local Machine" Zone lockdown, designed to make it far more difficult for attackers to execute script on a local system.


Matthew Broersma

Techworld.com