[SECURITY-L] [technical-alerts em us-cert.gov: US-CERT Alert TA12-262A - Microsoft Security Advisory for Internet Explorer Exploit]

CSIRT - UNICAMP security em unicamp.br
Qua Set 19 12:36:40 -03 2012 

----- Forwarded message from US-CERT Alerts <technical-alerts em us-cert.gov> -----

Return-Path: <donotreply em us-cert.gov>
Received: from bolonha.unicamp.br (bolonha.unicamp.br [143.106.10.29])
	 by hermes.unicamp.br (Cyrus v2.3.14) with LMTPA;
	 Wed, 19 Sep 2012 01:05:02 -0300
X-Sieve: CMU Sieve 2.3
Received: from localhost (localhost [127.0.0.1])
	by bolonha.unicamp.br (Postfix) with ESMTP id 2763A9F170;
	Wed, 19 Sep 2012 01:05:02 -0300 (BRT)
X-DSPAM-Result: Innocent
X-DSPAM-Class: Innocent
X-DSPAM-Confidence: 0.99
X-DSPAM-Probability: 0.0000
X-DSPAM-Signature: N/A
X-Virus-Scanned: amavisd-new at unicamp.br
X-Spam-Flag: NO
X-Spam-Score: -0.838
X-Spam-Level: 
X-Spam-Status: No, score=-0.838 required=6.9 tests=[DKIM_SIGNED=0.1,
	DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_LOW=-0.7,
	SPF_SOFTFAIL=0.972, UEC_HAS_MAILING_LIST=-0.01, DSPAM:Innocent=-1.000]
	autolearn=disabled
Received: from bolonha.unicamp.br ([127.0.0.1])
	by localhost (bolonha.unicamp.br [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id y-+lPaeJU1BA; Wed, 19 Sep 2012 01:05:00 -0300 (BRT)
Received: from florenca.unicamp.br (florenca.unicamp.br [143.106.10.159])
	by bolonha.unicamp.br (Postfix) with ESMTP id 5D63F9F137;
	Wed, 19 Sep 2012 01:05:00 -0300 (BRT)
Received: from johnson.nickel.us-cert.gov (unknown [147.72.252.47])
	(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by florenca.unicamp.br (Postfix) with ESMTPS id 6C688FF758;
	Wed, 19 Sep 2012 01:04:58 -0300 (BRT)
Received: from johnson.nickel.us-cert.gov (localhost [127.0.0.1])
	by johnson.nickel.us-cert.gov (8.14.4/8.14.4/1.10) with ESMTP id q8IKrHBw028054;
	Tue, 18 Sep 2012 16:56:40 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=us-cert.gov;
	s=ye2ramdjwkxu; t=1348001800;
	bh=28+3z72ZIeyYfPYcHVcQx8al/lsMLc+YMrHmlN0mmKg=;
	h=Date:Message-Id:From:To:Subject:Sender:Reply-To:Cc:In-Reply-To:
	 References;
	b=FwtnTJVt50Dchfi+wq1o01NZLLR7ccnwScuwwzT9oHBuNlXVLAZ7KWTNSosMXLBRs
	 Nqkirfhpr4sK8WNzeKtv0iAhz2df2UFX9C5GfhnhwrqABvrGlxqLbU06mUdb17UlxN
	 qOpcHMQibgtjtb1NpsJiarMXVcupqFYHLzZsr2Aw=
Received: (from lnchuser em localhost)
	by johnson.nickel.us-cert.gov (8.14.4/8.14.4/1.2) id q8IKnJrR009815;
	Tue, 18 Sep 2012 16:49:19 -0400
Date: Tue, 18 Sep 2012 16:49:19 -0400
Message-Id: <TA12-262A.20396 em us-cert.gov>
From: US-CERT Alerts <technical-alerts em us-cert.gov>
To: technical-alerts em us-cert.gov
Organization: US-CERT - +1 202-205-5266
List-Id: US-CERT Alerts <technical-alerts.us-cert.gov>
List-Help: <http://www.us-cert.gov/cas/#tech>, <mailto:Majordomo em us-cert.gov?body=help>
List-Subscribe: <mailto:Majordomo em us-cert.gov?body=subscribe%20technical-alerts>
List-Unsubscribe: <mailto:Majordomo em us-cert.gov?body=unsubscribe%20technical-alerts>
List-Post: NO (posting not allowed on this list)
List-Archive: <http://www.us-cert.gov/cas/techalerts>
Subject: US-CERT Alert TA12-262A - Microsoft Security Advisory for Internet Explorer Exploit


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

National Cyber Awareness System

US-CERT Alert TA12-262A
Microsoft Security Advisory for Internet Explorer Exploit

Original release date: September 18, 2012
Last revised: --

Systems Affected

     * Microsoft Internet Explorer 7
     * Microsoft Internet Explorer 8
     * Microsoft Internet Explorer 9


Overview

   An unpatched use-after-free vulnerability in Microsoft Internet
   Explorer versions 7, 8, and 9 is being exploited in the wild.
   Microsoft has released Security Advisory 2757760 with mitigation
   techniques.


Description

   Microsoft Internet Explorer versions 7, 8, and 9 are susceptible to
   a use-after-free vulnerability. This vulnerability is being
   actively exploited in the wild. At this time, there is no patch
   available for this vulnerability. End-users can mitigate the
   vulnerability by using Microsoft's Enhanced Mitigation Experience
   Toolkit.

   Additional mitigation advice is available in the MSRC blog post:
   "Microsoft Releases Security Advisory 2757760" and US-CERT
   Vulnerability Note VU#480095.


Impact

   A remote, unauthenticated attacker could execute arbitrary code,
   cause a denial of service, or gain unauthorized access to your
   files or system.


Solution

   US-CERT recommends Internet Explorer users read Microsoft Security
   Advisory 2757760 and apply mitigation techniques such as using the
   Microsoft Enhanced Mitigation Experience Toolkit.


References

 * Microsoft Security Advisory (2757760)
   <http://technet.microsoft.com/en-us/security/advisory/2757760>

 * MSRC Blog: Microsoft Releases Security Advisory 2757760
   <http://blogs.technet.com/b/msrc/archive/2012/09/17/microsoft-releases-security-advisory-2757760.aspx>

 * Download Microsoft EMET 3.0
   <http://www.microsoft.com/en-us/download/details.aspx?id=29851>

 * US-CERT Vulnerability Note VU#480095
   <http://www.kb.cert.org/vuls/id/480095>


Revision History

  September 18, 2012: Initial release

 ____________________________________________________________________

   Feedback can be directed to US-CERT Technical Staff. Please send
   email to <cert em cert.org> with "TA12-262A Feedback VU#480095" in
   the subject.
 ____________________________________________________________________

   Produced by US-CERT, a government organization.
 ____________________________________________________________________

This product is provided subject to this Notification: 
http://www.us-cert.gov/privacy/notification.html

Privacy & Use policy: 
http://www.us-cert.gov/privacy/

This document can also be found at
http://www.us-cert.gov/cas/techalerts/TA12-262A.html

For instructions on subscribing to or unsubscribing from this 
mailing list, visit http://www.us-cert.gov/cas/signup.html
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)

iQEVAwUBUFjR/XdnhE8Qi3ZhAQKbYgf/ea8sgQoPJhjLd95pO0Xqejz+82rgVVFX
jiEAZcKpNygrCdh5NKNsEuZXQvsn4bew+pg3jgf5mplXLtl05WrOukZ7SL74GQjy
LFNPeRZ+nB8q6KwIEAGoeDFkewZqdzV0ro/z/ttMHjtbSteHoa9hrYqrwqPURZT0
JgGmth33YDV0VK1KZkgmD15mA1CMAPwbdVqL3WdznR/Dm9HyXi1XkRemA5TmBH8j
TpiMbHoUFZm79ZC/PbjE07NVZm5YNoTrWBZpebhsDssgnfBnL6J2BTtKeBKMVMcb
NNul23iMf7ydy6FjAvDmhmQ9A7WMyky+SFavYTr5GsXN8AkDhuOrJA==
=K/5z
-----END PGP SIGNATURE-----

----- End forwarded message -----

Mais detalhes sobre a lista de discussão SECURITY-L