Slashdot Mirror

← Back to Stories (view on slashdot.org)

Critical Internet Explorer 11 Vulnerability Identified After Hacking Team Breach

Posted by Soulskill on from the who-knows-where-zero-days-hide dept.

An anonymous reader writes: After analyzing the leaked data from last week's attack on Hacking Team, Vectra researchers discovered a previously unknown high severity vulnerability in Internet Explorer 11, which impacts the browser on both Windows 7 and Windows 8.1. The vulnerability is an exploitable use-after-free (UAF) vulnerability that occurs within a custom heap in JSCRIPT9. Since it exists within a custom heap, it can allow an attacker to bypass protections found in standard memory. Microsoft has published a patch for this vulnerability, and also patched another one pulled from the Hacking Team files by different security researchers.

25 of 58 comments (clear)

  1. Re:Critical IE vuln by Anonymous Coward · · Score: 2, Insightful

    If anything these leaks will remind us to continously rethink our security configurations. It needs to be on a neurotic level and even then it's probably not enough. Everything needs to be isolated and access has to be as limited as possible to data that's not explicitly needed for whatever task at hand. We need to always assume our systems are vulnerable and possibly even compromised without our knowledge.

    Or wait, my boss just told me we don't have the budget for it. Never mind.

  2. Programmers and Custom Code by Anonymous Coward · · Score: 1, Insightful

    It's intensely annoying that programmers continue to re-invent the wheel and poorly whenever they need something which they're certain that nobody but their clever selves has ever thought of before. Would it kill them to use a data structure from the standard library of the language they're using? But no, they're too cool and smart for that. They have to code it up custom and then introduce dozens of silly bugs because they're too lazy to write tests and their code is perfect anyway, or so they think, and this is what we get. The best programmers that I have met and worked with are the ones with some humility rather than the arrogant asses who call themselves "10X" developers and other such crap. Yeah right, 10 times the bugs maybe.

    1. Re:Programmers and Custom Code by Anonymous Coward · · Score: 1

      This is very much true. It's important to distinguish clever standard-conforming solutions from custom solutions. The biggest mistake many seemingly clever devs do is to break well established standards while trying out new approaches.

    2. Re: Programmers and Custom Code by Anonymous Coward · · Score: 1

      Huh. My programming goes to 11X.

    3. Re: Programmers and Custom Code by GrumpySteen · · Score: 1

      My programming is usually just XXX.

  3. For IE users .. by invictusvoyd · · Score: 4, Funny

    Do not look at the laser with the remaining eye

  4. Thank you to whoever hacked Hacking Team by jonwil · · Score: 5, Insightful

    Thank you to whoever hacked Hacking Team. Because of your work leaking the big data dump, a number of fairly nasty security holes in commonly used computer software such as Flash and Internet Explorer have now been patched by their manufacturers.

    Companies (or government agencies) who discover/collect/buy/obtain unpatched vulnerabilities in software and sit on them so they can use them for spying purposes are no better than criminal gangs who discover/collect/buy/obtain unpatched vulnerabilities and sit on them so they can use them for building malware.

    IMO There is NEVER a valid reason for ANY entity to hold onto an unpatched vulnerability and exploit it, not even the arguments of "National Security" and "we need this to stop terrorists" that have been used by the NSA and other agencies to justify this practice.

    1. Re:Thank you to whoever hacked Hacking Team by Anonymous Coward · · Score: 1

      I don't want to live on this planet anymore.

    2. Re:Thank you to whoever hacked Hacking Team by rvw · · Score: 1

      Isn't it time to sue HT, and make it illegal to keep these vulnerabilities to yourself? I can imagine the EU passing a law like this. If that means HT moves to Russia or Panama, let them!

    3. Re:Thank you to whoever hacked Hacking Team by fustakrakich · · Score: 3, Insightful

      Companies (or government agencies) who discover/collect/buy/obtain unpatched vulnerabilities in software and sit on them...

      When a government acts badly, the citizens have an obligation to correct it. When they don't, they are complicit.

      --
      “He’s not deformed, he’s just drunk!”
    4. Re:Thank you to whoever hacked Hacking Team by drinkypoo · · Score: 1

      Similarly, there is NEVER a valid reason for ANY entity to hold onto research findings nor trade secrets nor military secrets.

      Wow, I'm surprised to see such insight from you. See, when people do that, it's because they're trying to hold back the human race.

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
  5. Re:Critical IE vuln by thsths · · Score: 2

    Defence in the depth is the only option we have - relying on a single piece of software to be "secure" is obviously more than optimistic.

    But even defence in depth fails if the government throws enough money at a hacking company. They will just buy the exploits and string them together to take over the flash player, escape the sandbox, escalate privileges, and then jump across the network. Defence in depth makes this a tedious, expensive and uncertain exercise, but by no means impossible.

  6. Re: Critical IE vuln by Anonymous Coward · · Score: 1

    Show me again which internet browser is perfect and never has any vulnerabilities because I can't seem to remember?

  7. Microsoft Standard Response: by tomxor · · Score: 2

    Thank you for the feedback.
    This issue is no longer reproducible in the latest build of Microsoft Edge on the Windows 10 Insider Preview <build-number>.

    Best regards,

    The Microsoft Edge team

    From personal experience i'd expect that is the current likely response to any IE11 bug where you give irrefutable evidence, clear and concise explanations and isolated test cases.

    Selectively naming things obsolete when it suits.

    Before Edge it would have been "does not affect enough users, will not fix"... Microsoft do not understand the concept of an evergreen browser, if Edge doesn't forcefully replace IE11 then they just fucked everyone again.

    1. Re:Microsoft Standard Response: by Anonymous Coward · · Score: 1

      Neither does google.
      Or Apple.
      or..

      Think about the three things you can do as a consumer: Complain, Escalate, Publish.

    2. Re:Microsoft Standard Response: by tomxor · · Score: 1

      Obviously you dont understand what an evergreen browser is either.

      Evergreen browsers enable continuous obsolescence of old versions... making another product and ceasing development on the current one instead of replacing it completely fucks this model.

    3. Re:Microsoft Standard Response: by drinkypoo · · Score: 1

      Microsoft do not understand the concept of an evergreen browser

      What? Because Microsoft is getting rid of software which is architecturally unrepairable, they don't understand the value of keeping good software around? Look, there's lots of good reasons to hate Microsoft, you don't have to make up idiotic shit like this. iexplore must die, don't get in the way.

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
  8. Custom allocator by Alioth · · Score: 3, Insightful

    This sounds awfully familiar...OpenSSL had a critical vulnerability because they had decided to write a custom allocator instead of using the one provided by the OS. You would think IE developers, with their product being WIndows-only and strongly tied to Windows would never dream of reinventing the allocation wheel, especially as Windows memory management in general has had a huge amount of work done on it in the last few years to make it harder to exploit memory allocation bugs.

    --
    Oolite: Elite-like game. For Mac, Linux and Windows
  9. What? by pahles · · Score: 1

    There was a bug and now there is a patch?

    --
    Sig?
  10. Re: Critical IE vuln by packrat0x · · Score: 1

    Show me again which internet browser is perfect and never has any vulnerabilities because I can't seem to remember?

    W3M

    --
    227-3517
  11. Re: Critical IE vuln by packrat0x · · Score: 2

    Show me again which internet browser is perfect and never has any vulnerabilities because I can't seem to remember?

    W3M

    Oh wait, there were 5 total W3M vulnerabilities

    --
    227-3517
  12. Do like Firefox by Anonymous Coward · · Score: 1

    Warn users and make them click to run IE every time.

  13. This is... by calexontheroad66 · · Score: 1

    A gift that keeps on giving...

  14. Re: Critical IE vuln by ITRambo · · Score: 1

    There is no perfect browser. I prefer to use one that is the very responsive to security issues. Flash patches in Chrome are released within a day or so with Chrome automatically updating. IE11 is not automatically updated rapidly. I no longer think of MS "automatic updates" for IE as being automatic as MS still has to reboot Windows to patch many IE holes. So, they can go weeks without being fixed. IE is horrible. Chrome updates without you even knowing it as long as your computer is on and online. I hope Edge works like this as it's currently faster than Chrome in Windows 10 preview build 10166 on my PC. Did I mention that IE is horrible?

  15. Re:what's your point? by Billly+Gates · · Score: 1

    Yep I can do a .msi, push gpos, use .pac files, etc.

    And for several years it is just as secure as chrome and is w3c compliant and can render pages properly

    --
    http://saveie6.com/