Slashdot Mirror
Critical Internet Explorer 11 Vulnerability Identified After Hacking Team Breach
An anonymous reader writes: After analyzing the leaked data from last week's attack on Hacking Team, Vectra researchers discovered a previously unknown high severity vulnerability in Internet Explorer 11, which impacts the browser on both Windows 7 and Windows 8.1. The vulnerability is an exploitable use-after-free (UAF) vulnerability that occurs within a custom heap in JSCRIPT9. Since it exists within a custom heap, it can allow an attacker to bypass protections found in standard memory. Microsoft has published a patch for this vulnerability, and also patched another one pulled from the Hacking Team files by different security researchers.
If anything these leaks will remind us to continously rethink our security configurations. It needs to be on a neurotic level and even then it's probably not enough. Everything needs to be isolated and access has to be as limited as possible to data that's not explicitly needed for whatever task at hand. We need to always assume our systems are vulnerable and possibly even compromised without our knowledge.
Or wait, my boss just told me we don't have the budget for it. Never mind.
Do not look at the laser with the remaining eye
Thank you to whoever hacked Hacking Team. Because of your work leaking the big data dump, a number of fairly nasty security holes in commonly used computer software such as Flash and Internet Explorer have now been patched by their manufacturers.
Companies (or government agencies) who discover/collect/buy/obtain unpatched vulnerabilities in software and sit on them so they can use them for spying purposes are no better than criminal gangs who discover/collect/buy/obtain unpatched vulnerabilities and sit on them so they can use them for building malware.
IMO There is NEVER a valid reason for ANY entity to hold onto an unpatched vulnerability and exploit it, not even the arguments of "National Security" and "we need this to stop terrorists" that have been used by the NSA and other agencies to justify this practice.
Defence in the depth is the only option we have - relying on a single piece of software to be "secure" is obviously more than optimistic.
But even defence in depth fails if the government throws enough money at a hacking company. They will just buy the exploits and string them together to take over the flash player, escape the sandbox, escalate privileges, and then jump across the network. Defence in depth makes this a tedious, expensive and uncertain exercise, but by no means impossible.
Thank you for the feedback.
This issue is no longer reproducible in the latest build of Microsoft Edge on the Windows 10 Insider Preview <build-number>.
Best regards,
The Microsoft Edge team
From personal experience i'd expect that is the current likely response to any IE11 bug where you give irrefutable evidence, clear and concise explanations and isolated test cases.
Selectively naming things obsolete when it suits.
Before Edge it would have been "does not affect enough users, will not fix"... Microsoft do not understand the concept of an evergreen browser, if Edge doesn't forcefully replace IE11 then they just fucked everyone again.
This sounds awfully familiar...OpenSSL had a critical vulnerability because they had decided to write a custom allocator instead of using the one provided by the OS. You would think IE developers, with their product being WIndows-only and strongly tied to Windows would never dream of reinventing the allocation wheel, especially as Windows memory management in general has had a huge amount of work done on it in the last few years to make it harder to exploit memory allocation bugs.
Oolite: Elite-like game. For Mac, Linux and Windows
Show me again which internet browser is perfect and never has any vulnerabilities because I can't seem to remember?
W3M
Oh wait, there were 5 total W3M vulnerabilities
227-3517