Malaysian Computer Emergency Response Team

CONTACT US

SITEMAP

Search:

Home > Services > Advisories > MyCERT Advisories > 2009

MA-147.022009: MyCERT Special Alert - Vulnerability in Microsoft Windows Internet Explorer 7 (MS09-002)

1.0 Introduction

Microsoft has recently reported a critical vulnerability that exists in Microsoft Windows Internet Explorer 7. The vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. The flaw is specific to the method used, by Internet Explorer, to access objects, which have been previously deleted. Exploitation can be achieved via a specially crafted web paged designed to exploit vulnerability. Code execution will be possible within the context of the logged-on user.

This vulnerability can be exploited remotely and thus attacker could trick the user to open a specially crafted file that comes via an email attachment or a link to a website.

At this time of writing, there are publicly known exploits released for this vulnerability. MyCERT urges Malaysian Internet users to apply the new security patches released by Microsoft [ii].

Microsoft rates the vulnerability as "critical" for Internet Explorer 7 running on supported editions of Windows XP and Windows Vista. For Internet Explorer 7 running on supported editions of Windows Server 2003 and Windows Server 2008, this security update is rated as "moderate".

2.0 Impact

By exploiting this vulnerability, an attacker could execute arbitrary commands on the user's computer. The attacker will have the same privilege as the user.

MyCERT has done some analysis based on exploits available on the Internet and can confirm this observation.

3.0 Affected Products

Windows Internet Explorer 7 for this following Microsoft Windows Operating System:

Windows XP Service Pack 2 and Windows XP Service Pack 3
Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2
Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2
Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition Service Pack 2
Windows Server 2003 with SP1 for Itanium-based Systems and Windows Server 2003 with SP2 for Itanium-based Systems
Windows Vista and Windows Vista Service Pack 1
Windows Vista x64 Edition and Windows Vista x64 Edition Service Pack 1
Windows Server 2008 for 32-bit Systems*
Windows Server 2008 for x64-based Systems*
Windows Server 2008 for Itanium-based Systems

The impact for each environment is different ranging from Critical to Moderate.

4.0 Recommendation

Users are recommended to apply the fixes from Microsoft immediately depending on the system affected from the URL http://support.microsoft.com/kb/961260

MyCERT also recommends that the use of privilege account such as "Administrator" to be used in specific circumstance i.e. system maintenance. Users should avoid using Internet Explorer with high privileged user accounts. Finally, users must make sure that they do not open and/or save Web pages from unknown sources.

5.0 Reference

i. http://www.microsoft.com/technet/security/bulletin/MS09-002.mspx
ii. http://support.microsoft.com/kb/961260
iii. http://vil.nai.com/vil/content/v_vul41731.htm