Microsoft Security Advisory 2757760 ~ Security Garden

Tuesday, September 18, 2012

Microsoft Security Advisory 2757760

Microsoft released Security Advisory 2757760 to address an issue that affects all versions of Internet Explorer except IE10.

Current exploits of this vulnerability occur with Internet Explorer using third-party software, most particularly Oracle’s Java, when visiting a website hosting malicious code.

Update: It was reported at the MSRC Blog that a Microsoft Fix it solution will be issued within the next few days. In the interim, it was also stated that this vulnerability is currently not widespread. See the update at Additional information about Internet Explorer and Security Advisory 2757760.

Recommendations:

Uninstall Java -- Most home computer users no longer need Java. Following are reasons why someone may need Oracle Sun Java installed on their computer:

Playing on-line games generally requires Java.
With OpenOffice, Java is needed for the items listed here.
It used to be that Java was needed for websites to be properly displayed. However, that is generally not the case now with Flash having taken over.
There may be commercial programs that depend on Java. If Java is needed for a software installed on your computer, there should be a prompt for it.

If you need Java, be sure you have uninstalled all old, vulnerable versions and have only the most recent release installed on your computer.

Install and configure EMET -- The Enhanced Mitigation Experience Toolkit was designed to help prevent hackers from gaining access to your system. It prevents exploitation by applying in-box mitigations such as DEP to configured applications.

The simple steps needed to add iexplore.exe to EMET and other actions are provided in the "Suggested Actions" section of the Security Advisory. When checking EMET, I was pleased to see that I had already added iexplore.exe.

References:

MSRC: Microsoft Releases Security Advisory 2757760
Tech Net Advisory: Microsoft Security Advisory (2757760) Vulnerability in Internet Explorer Could Allow Remote Code Execution
Download: EMET (Enhanced Mitigation Toolkit v3.0)

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

1 comment:

KY331 said...: Microsoft Fix-it 50939 , "Prevent Memory Corruption via ExecCommand in Internet Explorer,", that prevents exploitation of this issue, has been released and can be downloaded from:

http://support.microsoft.com/kb/2757760

Note: As this temporary Fix-it is not intended to be a replacement for any "permanent" security update eventually released, please be sure to also download and save the "UNdo" Fix-it 50938 so as to be able to UNdo this Fix-it in the future, prior to installing the "permanent" fix.; September 19, 2012 at 7:38 PM

Welcome to the Security Garden, where everything is coming up roses.

The best way to protect your garden is to fence it in. The same applies to your computer.
Get computer security news and information, help, tips and more at the Security Garden.

Articles

My Garden Roots

Perennial Favorites

Article Categories

Tuesday, September 18, 2012