IE Zero day — are we at risk?

On December 11, 2008, in Security, by

Shadowserver Foundation – Calendar – 2008-12-10:
http://www.shadowserver.org/wiki/pmwiki.php?n=Calendar.20081210

“As many of you have seen, there is a new 0-day exploit in the wild affecting Internet Explorer 7 users. This is a new exploit that is being actively exploited and it was not patched yesterday (meaning there is no patch available, yet). Visiting a website with this exploit can result in a full compromise of an affected system. Currently most of the exploits out there will attempt to download a trojan onto the system. Shadowserver is aware of several hosts which are currently hosting exploit code designed to exploit this vulnerability. We would like to share this information so that it can be used for protection and detection. However, we strongly discourage visiting these sites for any reason. DO NOT visit the below sites as they currently house live exploit code for the new IE7 0day exploit. The majority if not all of them also house several other exploits for different vulnerabilities as well.”

“Now for prevention, the first step you can take is to block the above domains and/or IP addresses. These sites are for the most part hosting a bunch of bad stuff and not just an IE7 exploit. However, there are certainly sites that we have missed and new ones that will pop up frequently, so this will not completely stop it all either. The only other real option against this exploit for now is an obvious one and that’s to just not use IE7 until the issue has been resolved. If you are aware of other fixes, please feel free to shoot them our way.”

Kudos to sites like these that let me as a network admin look at them and go, okay the chances that anyone from my firm will go to those sites are slim to none, so the risk from this IE 7 zero day for my end users and the type of web sites they go to is limited to nonexistent. That doesn’t mean I didn’t go all slightly paranoid and block them anyway, but you get the idea that those sites as of right now are not ones that pose an undue risk to my environment.

Risk right now is still out there, but measurably low.

 

2 Responses to IE Zero day — are we at risk?

  1. Matthew Clapham says:

    I’m not too worried about this one, as most ‘sploits in browsers require user interaction and I’ve trained my user base at home with a healthy dose of skepticism.

  2. indy says:

    Several hits from a user yesterday on this:
    http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=JS_DLOAD.MD&VSect=T

    It is also no longer just IE7 under XP.