The Wiert Corner – irregular stream of stuff

Jeroen W. Pluimers on .NET, C#, Delphi, databases, and personal interests

  • My work

  • My badges

  • Twitter Updates

  • My Flickr Stream

    20140508-Delphi-2007--Project-Options--Cannot-Edit-Application-Title-HelpFile-Icon-Theming

    20140430-Fiddler-Filter-Actions-Button-Run-Filterset-now

    20140424-Windows-7-free-disk-space

    More Photos
  • Pages

  • All categories

  • Enter your email address to subscribe to this blog and receive notifications of new posts by email.

    Join 1,327 other followers

Zero day vulnerability in mshtml.dll used by Internet Explorer 6, 7, 8 and 9, and many other products.

Posted by Jeroen Pluimers on 2012/09/20

Summary:

  • Zero day vulnerability in mshtml.dll used by Internet Explorer 6, 7, 8 and 9, and many other products.
  • Resolution: Deploy EMET or stop using IE and other products using mshtml.dll until Microsoft delivers a patch.

Earlier this week a zero-day vulnerability in the mshtml.dll was made public. This DLL is used by almost all Internet Explorer versions (6-9 are vulnerable) and many other software products (almost anything from Microsoft and a lot of 3rd party software that displays a web page on Windows).

While Microsoft is building a fix that is to be released very soon now (probably tomorrow, Friday September 21st 2010), the official resolutions are not to use the mshtml.dll at all (impractical for many people), or deploy EMET (impractical too as it requires administrative privileges).

If you can, switch to a browser that uses a different layout engine than mshtml.dll (for instance browsers based on WebKit will do).

These pages are good starting points for more information:

Particularly interesting posts:

–jeroen

8 Responses to “Zero day vulnerability in mshtml.dll used by Internet Explorer 6, 7, 8 and 9, and many other products.”

  1. Petr Vones said

    Security update is scheduled for today http://blogs.technet.com/b/msrc/archive/2012/09/19/internet-explorer-fix-it-available-now-security-update-scheduled-for-friday.aspx

  2. Petr Vones said

    There is “Fix It” workaround available http://support.microsoft.com/kb/2757760

  3. IL said

    Why EMET is considered impractical? It’s easy to deploy and configure.

    • jpluimers said

      Impractical because lot’s of people don’t have administrative access to their computers.

      • Petr Vones said

        Well, it is up to administrators of their computers to care about that.

      • IL said

        Thanks for the link to a very good article on configuring EMET http://www.rationallyparanoid.com/articles/microsoft-emet-3.html
        I hope it can prevent some 0-day Java/PDF/Flash exploits too. Pesonally I’m using EMET at my home and work computers for some time, but have seen it triggered only once.

      • IL said

        Not once but twice:
        on 2012/08/21 EMET detected MandatoryASLR mitigation and will close the application: C:\Program Files\totalcmd\TOTALCMD.EXE
        on 2012/07/30 EMET detected SEHOP mitigation and will close the application: C:\MinGW\msys\1.0\home\admin\farmanager\unicode_far\Release.32.gcc\Far.exe
        Far was compiled from sources. Not sure what version of Total Commander triggered MandatoryASLR.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

 
Follow

Get every new post delivered to your Inbox.

Join 1,327 other followers

%d bloggers like this: