[SECURITY-L] [technical-alerts em us-cert.gov: US-CERT Alert TA12-262A - Microsoft Security Advisory for Internet Explorer Exploit]
CSIRT - UNICAMP
security em unicamp.br
Qua Set 19 12:36:40 -03 2012
----- Forwarded message from US-CERT Alerts <technical-alerts em us-cert.gov> -----
Return-Path: <donotreply em us-cert.gov>
Received: from bolonha.unicamp.br (bolonha.unicamp.br [143.106.10.29])
by hermes.unicamp.br (Cyrus v2.3.14) with LMTPA;
Wed, 19 Sep 2012 01:05:02 -0300
X-Sieve: CMU Sieve 2.3
Received: from localhost (localhost [127.0.0.1])
by bolonha.unicamp.br (Postfix) with ESMTP id 2763A9F170;
Wed, 19 Sep 2012 01:05:02 -0300 (BRT)
X-DSPAM-Result: Innocent
X-DSPAM-Class: Innocent
X-DSPAM-Confidence: 0.99
X-DSPAM-Probability: 0.0000
X-DSPAM-Signature: N/A
X-Virus-Scanned: amavisd-new at unicamp.br
X-Spam-Flag: NO
X-Spam-Score: -0.838
X-Spam-Level:
X-Spam-Status: No, score=-0.838 required=6.9 tests=[DKIM_SIGNED=0.1,
DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_LOW=-0.7,
SPF_SOFTFAIL=0.972, UEC_HAS_MAILING_LIST=-0.01, DSPAM:Innocent=-1.000]
autolearn=disabled
Received: from bolonha.unicamp.br ([127.0.0.1])
by localhost (bolonha.unicamp.br [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id y-+lPaeJU1BA; Wed, 19 Sep 2012 01:05:00 -0300 (BRT)
Received: from florenca.unicamp.br (florenca.unicamp.br [143.106.10.159])
by bolonha.unicamp.br (Postfix) with ESMTP id 5D63F9F137;
Wed, 19 Sep 2012 01:05:00 -0300 (BRT)
Received: from johnson.nickel.us-cert.gov (unknown [147.72.252.47])
(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
(No client certificate requested)
by florenca.unicamp.br (Postfix) with ESMTPS id 6C688FF758;
Wed, 19 Sep 2012 01:04:58 -0300 (BRT)
Received: from johnson.nickel.us-cert.gov (localhost [127.0.0.1])
by johnson.nickel.us-cert.gov (8.14.4/8.14.4/1.10) with ESMTP id q8IKrHBw028054;
Tue, 18 Sep 2012 16:56:40 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=us-cert.gov;
s=ye2ramdjwkxu; t=1348001800;
bh=28+3z72ZIeyYfPYcHVcQx8al/lsMLc+YMrHmlN0mmKg=;
h=Date:Message-Id:From:To:Subject:Sender:Reply-To:Cc:In-Reply-To:
References;
b=FwtnTJVt50Dchfi+wq1o01NZLLR7ccnwScuwwzT9oHBuNlXVLAZ7KWTNSosMXLBRs
Nqkirfhpr4sK8WNzeKtv0iAhz2df2UFX9C5GfhnhwrqABvrGlxqLbU06mUdb17UlxN
qOpcHMQibgtjtb1NpsJiarMXVcupqFYHLzZsr2Aw=
Received: (from lnchuser em localhost)
by johnson.nickel.us-cert.gov (8.14.4/8.14.4/1.2) id q8IKnJrR009815;
Tue, 18 Sep 2012 16:49:19 -0400
Date: Tue, 18 Sep 2012 16:49:19 -0400
Message-Id: <TA12-262A.20396 em us-cert.gov>
From: US-CERT Alerts <technical-alerts em us-cert.gov>
To: technical-alerts em us-cert.gov
Organization: US-CERT - +1 202-205-5266
List-Id: US-CERT Alerts <technical-alerts.us-cert.gov>
List-Help: <http://www.us-cert.gov/cas/#tech>, <mailto:Majordomo em us-cert.gov?body=help>
List-Subscribe: <mailto:Majordomo em us-cert.gov?body=subscribe%20technical-alerts>
List-Unsubscribe: <mailto:Majordomo em us-cert.gov?body=unsubscribe%20technical-alerts>
List-Post: NO (posting not allowed on this list)
List-Archive: <http://www.us-cert.gov/cas/techalerts>
Subject: US-CERT Alert TA12-262A - Microsoft Security Advisory for Internet Explorer Exploit
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
National Cyber Awareness System
US-CERT Alert TA12-262A
Microsoft Security Advisory for Internet Explorer Exploit
Original release date: September 18, 2012
Last revised: --
Systems Affected
* Microsoft Internet Explorer 7
* Microsoft Internet Explorer 8
* Microsoft Internet Explorer 9
Overview
An unpatched use-after-free vulnerability in Microsoft Internet
Explorer versions 7, 8, and 9 is being exploited in the wild.
Microsoft has released Security Advisory 2757760 with mitigation
techniques.
Description
Microsoft Internet Explorer versions 7, 8, and 9 are susceptible to
a use-after-free vulnerability. This vulnerability is being
actively exploited in the wild. At this time, there is no patch
available for this vulnerability. End-users can mitigate the
vulnerability by using Microsoft's Enhanced Mitigation Experience
Toolkit.
Additional mitigation advice is available in the MSRC blog post:
"Microsoft Releases Security Advisory 2757760" and US-CERT
Vulnerability Note VU#480095.
Impact
A remote, unauthenticated attacker could execute arbitrary code,
cause a denial of service, or gain unauthorized access to your
files or system.
Solution
US-CERT recommends Internet Explorer users read Microsoft Security
Advisory 2757760 and apply mitigation techniques such as using the
Microsoft Enhanced Mitigation Experience Toolkit.
References
* Microsoft Security Advisory (2757760)
<http://technet.microsoft.com/en-us/security/advisory/2757760>
* MSRC Blog: Microsoft Releases Security Advisory 2757760
<http://blogs.technet.com/b/msrc/archive/2012/09/17/microsoft-releases-security-advisory-2757760.aspx>
* Download Microsoft EMET 3.0
<http://www.microsoft.com/en-us/download/details.aspx?id=29851>
* US-CERT Vulnerability Note VU#480095
<http://www.kb.cert.org/vuls/id/480095>
Revision History
September 18, 2012: Initial release
____________________________________________________________________
Feedback can be directed to US-CERT Technical Staff. Please send
email to <cert em cert.org> with "TA12-262A Feedback VU#480095" in
the subject.
____________________________________________________________________
Produced by US-CERT, a government organization.
____________________________________________________________________
This product is provided subject to this Notification:
http://www.us-cert.gov/privacy/notification.html
Privacy & Use policy:
http://www.us-cert.gov/privacy/
This document can also be found at
http://www.us-cert.gov/cas/techalerts/TA12-262A.html
For instructions on subscribing to or unsubscribing from this
mailing list, visit http://www.us-cert.gov/cas/signup.html
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
iQEVAwUBUFjR/XdnhE8Qi3ZhAQKbYgf/ea8sgQoPJhjLd95pO0Xqejz+82rgVVFX
jiEAZcKpNygrCdh5NKNsEuZXQvsn4bew+pg3jgf5mplXLtl05WrOukZ7SL74GQjy
LFNPeRZ+nB8q6KwIEAGoeDFkewZqdzV0ro/z/ttMHjtbSteHoa9hrYqrwqPURZT0
JgGmth33YDV0VK1KZkgmD15mA1CMAPwbdVqL3WdznR/Dm9HyXi1XkRemA5TmBH8j
TpiMbHoUFZm79ZC/PbjE07NVZm5YNoTrWBZpebhsDssgnfBnL6J2BTtKeBKMVMcb
NNul23iMf7ydy6FjAvDmhmQ9A7WMyky+SFavYTr5GsXN8AkDhuOrJA==
=K/5z
-----END PGP SIGNATURE-----
----- End forwarded message -----
Mais detalhes sobre a lista de discussão SECURITY-L