[ISN] Microsoft Patches IE Flaw Used In Attack That Bypassed Its Built-In Security Controls

From: InfoSec News <alerts_at_private>
Date: Wed, 9 Jun 2010 00:06:11 -0500 (CDT)
http://www.darkreading.com/vulnerability_management/security/app-security/showArticle.jhtml?articleID=225500033

By Kelly Jackson Higgins
DarkReading
June 08, 2010 

Among the 10 patches fixing 34 vulnerabilities that were released today 
by Microsoft is one that repairs a major hole in Internet Explorer that 
was used to help bypass the built-in security features in Windows 7 and 
Internet Explorer 8.

The memory corruption flaw, which was discovered and used by a Dutch 
researcher to win $10,000 in the March Pwn2Own hacking contest at the 
CanSecWest conference, was exploited along with another stage of attack 
on IE 8 to bypass Microsoft's much-lauded anti-exploit features, Data 
Execution Prevention (DEP) and Address Space Layout Randomization 
(ASLR).

Peter Vreugdenhil, the researcher who discovered the bug, didn't reveal 
the actual vulnerability he exploited in his hack, so Microsoft's 
MS10-035 security update today was the first time the nature of the flaw 
was made public: The memory corruption vulnerability could allow an 
attacker to take over the victim's machine due to the way IE tries to 
access incorrectly initialized memory. That memory can be corrupted by 
an attacker such that he can execute code on the logged-on user's 
machine.

Aaron Portnoy, manager of security research for HP TippingPoint, which 
sponsors the Pwn2Own contest, says this bug was at the heart of the 
Pwn2Own hack. "This was the crux of actually exploiting something -- 
this is the one that triggers memory corruption in IE," Portnoy says. 
"The other [part of the attack] was more for bypassing ASLR and DEP."

[...]


Received on Tue Jun 08 2010 - 22:06:11 PDT
