Once its investigation is complete, Microsoft will take the necessary action to protect its customers, providing a solution through its monthly security updates or an out-of-cycle security update, depending on customer needs.
What versions are vulnerable?
IE6, IE8, IE9, IE10 and IE11 are vulnerable versions of the browser. Almost all versions from IE6 onward seem to be affected. Browser versions IE9 and later are likely to receive a security patch, but IE6 and IE8, which come with Windows XP, cannot be patched there. Microsoft stopped support for XP on April 8th this year. Although many people are reluctant to upgrade from XP to a later version of Windows, Microsoft has stated firmly that it cannot provide fixes for the security holes found in the much-loved Windows XP.
Affected Software
Operating System | Component |
Internet Explorer 6 | |
Windows Server 2003 Service Pack 2 | Internet Explorer 6 |
Windows Server 2003 x64 Edition Service Pack 2 | Internet Explorer 6 |
Windows Server 2003 with SP2 for Itanium-based Systems | Internet Explorer 6 |
Internet Explorer 7 | |
Windows Server 2003 Service Pack 2 | Internet Explorer 7 |
Windows Server 2003 x64 Edition Service Pack 2 | Internet Explorer 7 |
Windows Server 2003 with SP2 for Itanium-based Systems | Internet Explorer 7 |
Windows Vista Service Pack 2 | Internet Explorer 7 |
Windows Vista x64 Edition Service Pack 2 | Internet Explorer 7 |
Windows Server 2008 for 32-bit Systems Service Pack 2 | Internet Explorer 7 |
Windows Server 2008 for x64-based Systems Service Pack 2 | Internet Explorer 7 |
Windows Server 2008 for Itanium-based Systems Service Pack 2 | Internet Explorer 7 |
Internet Explorer 8 | |
Windows Server 2003 Service Pack 2 | Internet Explorer 8 |
Windows Server 2003 x64 Edition Service Pack 2 | Internet Explorer 8 |
Windows Vista Service Pack 2 | Internet Explorer 8 |
Windows Vista x64 Edition Service Pack 2 | Internet Explorer 8 |
Windows Server 2008 for 32-bit Systems Service Pack 2 | Internet Explorer 8 |
Windows Server 2008 for x64-based Systems Service Pack 2 | Internet Explorer 8 |
Windows 7 for 32-bit Systems Service Pack 1 | Internet Explorer 8 |
Windows 7 for x64-based Systems Service Pack 1 | Internet Explorer 8 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | Internet Explorer 8 |
Windows Server 2008 R2 for Itanium-based Systems Service Pack 1 | Internet Explorer 8 |
Internet Explorer 9 | |
Windows Vista Service Pack 2 | Internet Explorer 9 |
Windows Vista x64 Edition Service Pack 2 | Internet Explorer 9 |
Windows Server 2008 for 32-bit Systems Service Pack 2 | Internet Explorer 9 |
Windows Server 2008 for x64-based Systems Service Pack 2 | Internet Explorer 9 |
Windows 7 for 32-bit Systems Service Pack 1 | Internet Explorer 9 |
Windows 7 for x64-based Systems Service Pack 1 | Internet Explorer 9 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | Internet Explorer 9 |
Internet Explorer 10 | |
Windows 7 for 32-bit Systems Service Pack 1 | Internet Explorer 10 |
Windows 7 for x64-based Systems Service Pack 1 | Internet Explorer 10 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | Internet Explorer 10 |
Windows 8 for 32-bit Systems | Internet Explorer 10 |
Windows 8 for x64-based Systems | Internet Explorer 10 |
Windows Server 2012 | Internet Explorer 10 |
Windows RT | Internet Explorer 10 |
Internet Explorer 11 | |
Windows 7 for 32-bit Systems Service Pack 1 | Internet Explorer 11 |
Windows 7 for x64-based Systems Service Pack 1 | Internet Explorer 11 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | Internet Explorer 11 |
Windows 8.1 for 32-bit Systems | Internet Explorer 11 |
Windows 8.1 for x64-based Systems | Internet Explorer 11 |
Windows Server 2012 R2 | Internet Explorer 11 |
Windows RT 8.1 | Internet Explorer 11 |
Non-Applicable Software
Operating System | Component |
Server Core installation | |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | Not applicable |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | Not applicable |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | Not applicable |
Windows Server 2012 (Server Core installation) | Not applicable |
Windows Server 2012 R2 (Server Core installation) | Not applicable |
What might an attacker do with the vulnerability?
An attacker could host a specially crafted website that is designed to exploit this vulnerability through Internet Explorer and then convince a user to view the website. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit this vulnerability. In all cases, however, an attacker would have no way to force users to view the attacker-controlled content. Instead, an attacker would have to convince users to take action, typically by getting them to click a link in an email message or in an Instant Messenger message that takes users to the attacker's website, or by opening an attachment sent through email.
How to fight against the vulnerability?
Internet Explorer on Windows Server 2003, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012 and Windows Server 2012 R2 runs by default in a restricted mode known as Enhanced Security Configuration. This configuration is a group of preconfigured settings that can reduce the likelihood of a user running specially crafted web content on the server. EMET (Enhanced Mitigation Experience Toolkit) manages security mitigation technologies that make it more difficult for an attacker to exploit the vulnerability. EMET helps to mitigate this vulnerability in Internet Explorer on systems where EMET is installed and configured to work with Internet Explorer.
An attacker who successfully exploits the vulnerability can gain full control of the computer if you are running with administrator privileges. Users with limited privileges are less affected than those running as administrator.
If you are still using XP, it is time to upgrade to Windows 7 or 8. As there are no security updates available for XP, attackers can gain full access to your computer and its data, which can be deleted or modified without any notice to you.
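The following read-only PowerShell audit is an added example, not part of the original post or of Microsoft's advisory. It reports the exposure factors discussed above for one host: installed IE version, Enhanced Security Configuration state, whether the current session runs as administrator, and whether the OS is Windows XP. The registry locations are the standard Windows ones and do not appear on this page; EMET configuration is not checked.

```powershell
# Added example: read-only check of the exposure factors described above.
# It queries the registry, WMI and the current token; it changes nothing.

function Get-RegValue($Path, $Name) {
    # Returns $null when the key or value does not exist (e.g. ESC on a client OS).
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($item) { $item.$Name } else { $null }
}

# IE10 and IE11 leave "Version" at 9.10/9.11 and store the real value in "svcVersion".
$ieKey     = 'HKLM:\SOFTWARE\Microsoft\Internet Explorer'
$ieVersion = Get-RegValue $ieKey 'svcVersion'
if (-not $ieVersion) { $ieVersion = Get-RegValue $ieKey 'Version' }
$ieMajor   = if ($ieVersion) { ([version]$ieVersion).Major } else { $null }

# Enhanced Security Configuration (server editions): IsInstalled = 1 means enabled.
$escBase  = 'HKLM:\SOFTWARE\Microsoft\Active Setup\Installed Components'
$escAdmin = Get-RegValue "$escBase\{A509B1A7-37EF-4b3f-8CFC-4F3A74704073}" 'IsInstalled'
$escUser  = Get-RegValue "$escBase\{A509B1A8-37EF-4b3f-8CFC-4F3A74704073}" 'IsInstalled'

# Reflects the token of this process: a non-elevated shell under UAC reports $false.
$identity = [Security.Principal.WindowsIdentity]::GetCurrent()
$isAdmin  = (New-Object Security.Principal.WindowsPrincipal $identity).IsInRole(
                [Security.Principal.WindowsBuiltInRole]::Administrator)

$os = Get-WmiObject Win32_OperatingSystem   # available from PowerShell 2.0 onward

New-Object PSObject -Property @{
    Computer          = $env:COMPUTERNAME
    OperatingSystem   = $os.Caption
    IEVersion         = $ieVersion
    # The post lists IE6 through IE11 as affected.
    IEInAffectedRange = ($ieMajor -ge 6 -and $ieMajor -le 11)
    EscAdminsEnabled  = ($escAdmin -eq 1)
    EscUsersEnabled   = ($escUser -eq 1)
    RunningAsAdmin    = $isAdmin
    # Windows XP 32-bit reports version 5.1.x and no longer receives updates.
    XPNoLongerPatched = ($os.Version -like '5.1.*')
} | Format-List
```

Hosts that show `IEInAffectedRange` and `RunningAsAdmin` both true with ESC disabled are the ones to prioritise for the mitigations described above.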
Look out for more information on this vulnerability on the Microsoft Security Advisory portal.