Microsoft Security Advisory 2963983

  • Question

  • https://technet.microsoft.com/library/security/2963983

    I called MS today, not sure I had the right department, but the gentleman didn't know what I was referencing. Does anyone know of a site to get up-to-date information on this issue and when MS plans on releasing a patch?

    Also, we're advising everyone to disable Adobe Flash in the Internet Explorer add-ons; anything else that we can do to remedy this is greatly valued.

    Thank you,

    Wednesday, April 30, 2014 3:03 AM

Answers

  • Summary: For more information on these and other remediation options, please see Security Advisory 2963983. Additional information on this limited, targeted attack can be found on the MSRC blog.

    IE is widely recognized as the most secure browser against socially-engineered malware, the most common form of attack, blocking 99.9% of malware in a recent NSS Labs test.

    We encourage you to consider upgrading to the latest version of IE for improved security features such as Enhanced Protected Mode, better backward compatibility through Enterprise Mode, increased performance, and support for the modern web standards that run today’s websites and services.

    On April 26, 2014, Microsoft released a Security Advisory (2963983) to notify customers of a vulnerability in IE.  At this time we are aware of limited, targeted attacks.  We encourage customers to follow the suggested mitigations outlined in the security advisory while an update is finalized.

    Guidance on suggested mitigations:

    Our investigation has revealed that Enhanced Protected Mode, on by default for the modern browsing experience in IE10 and IE11, as well as Enhanced Mitigation Experience Toolkit (EMET) 4.1 and EMET 5.0 Technical Preview, could help protect against this potential risk.  We encourage customers to follow the suggested mitigations outlined in the security advisory while an update is finalized.

    The Enhanced Mitigation Experience Toolkit (EMET) 4.1 helps mitigate the exploitation of this vulnerability by adding additional protection layers that make the vulnerability harder to exploit.  EMET 4.1 is supported by Microsoft, and is automatically configured to help protect Internet Explorer.  EMET can also be configured using Group Policy.  For more information, see Microsoft Knowledge Base Article 2458544.

    More details:

    • Deploy the Enhanced Mitigation Experience Toolkit 4.1
      • Pros:  Blocks potential exploits of this vulnerability
      • Cons:  May be incompatible with some web apps
    • Enable Enhanced Protected Mode
      • Pros: Blocks potential exploits of this vulnerability
      • Cons:  May be incompatible with some web apps; not available on 32-bit Windows 7

    Businesses who have upgraded to IE11 or IE10 can enable Enhanced Protected Mode (EPM) for additional security protection.   On Windows 8 and Windows 8.1, EPM is enabled by default for the modern, immersive browsing experience.  Customers using the touch-friendly IE11 browser on Windows tablets, for example, are already using EPM and may not be susceptible to this and similar attacks.   

    Enhanced Protected Mode can be enabled and managed through Group Policy.  To manually enable EPM in IE, perform the following steps:

    1. On the IE Tools menu, click Internet Options.
    2. In the Internet Options dialog box, click the Advanced tab, and then scroll down to the Security section of the settings list.
    3. Ensure the checkboxes next to Enable Enhanced Protected Mode and Enable 64-bit processes for Enhanced Protected Mode (for 64-bit systems) are selected.
    4. Click OK to accept the changes and return to IE.
    5. Restart your system.

    While Enhanced Protected Mode provides significant additional protection, it may not be compatible with some add-ons and enterprise web apps.  Also, while EPM is available for 64-bit Windows 7, it is not an option for 32-bit Windows 7 installations. 

    •  Unregister VGX.DLL
      • Pros:  Relatively simple workaround
      • Cons:  May not protect against other exploits

    Known attacks currently take advantage of VGX.DLL, which provides support for Vector Markup Language (VML).  VML is not natively supported by most web browsers today, so this remediation option may have the least impact on enterprise web app compatibility. 

    To unregister VGX.DLL:

    • Click Start, click Run, and type "%SystemRoot%\System32\regsvr32.exe" /u /s "%CommonProgramFiles%\Microsoft Shared\VGX\vgx.dll"
    • After an update has been released and installed, you can re-register VGX.DLL with:  "%SystemRoot%\System32\regsvr32.exe" /s "%CommonProgramFiles%\Microsoft Shared\VGX\vgx.dll"
    • These commands can be issued as batch files via Microsoft System Center Configuration Manager or other infrastructure management solutions. 


    Rob^_^

    Wednesday, April 30, 2014 7:19 AM
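
One way to script the unregister and re-register step from the answer above and confirm it took effect, as an added example that is not part of the original post or of Microsoft's advisory text. The `%CommonProgramFiles(x86)%` path for a 32-bit copy on 64-bit Windows, the registry scan for `InprocServer32` entries, and the function name `Get-VgxRegistration` are assumptions made for this example.

```powershell
# Added example (not from the advisory): apply or roll back the VGX.DLL workaround
# and report what is still registered. Run from an elevated 64-bit PowerShell prompt.
param(
    [ValidateSet('Unregister', 'Register')]
    [string]$Action = 'Unregister'
)

$regsvr32 = Join-Path $env:SystemRoot 'System32\regsvr32.exe'

# %CommonProgramFiles% is the path given in the post; the (x86) root is an
# assumption covering the 32-bit copy on 64-bit Windows. Missing paths are skipped.
$dlls = @(@($env:CommonProgramFiles, ${env:CommonProgramFiles(x86)}) |
    Where-Object { $_ } | Select-Object -Unique |
    ForEach-Object { Join-Path $_ 'Microsoft Shared\VGX\vgx.dll' } |
    Where-Object { Test-Path -LiteralPath $_ })

# List COM classes whose in-process server is vgx.dll (assumed registration layout).
function Get-VgxRegistration {
    $roots = 'HKLM:\SOFTWARE\Classes\CLSID', 'HKLM:\SOFTWARE\WOW6432Node\Classes\CLSID'
    foreach ($root in ($roots | Where-Object { Test-Path $_ })) {
        Get-ChildItem -Path $root -ErrorAction SilentlyContinue | ForEach-Object {
            $key = Join-Path $_.PSPath 'InprocServer32'
            $server = (Get-ItemProperty -LiteralPath $key -ErrorAction SilentlyContinue).'(default)'
            if ($server -like '*\vgx.dll') {
                New-Object PSObject -Property @{ Clsid = $_.PSChildName; Server = $server }
            }
        }
    }
}

foreach ($dll in $dlls) {
    # Same switches as the post: /u unregisters, /s suppresses dialogs.
    $argList = @('/s', "`"$dll`"")
    if ($Action -eq 'Unregister') { $argList = @('/u') + $argList }
    $proc = Start-Process -FilePath $regsvr32 -ArgumentList $argList -Wait -PassThru
    Write-Output ("{0} {1}: regsvr32 exit code {2}" -f $Action, $dll, $proc.ExitCode)
}

$remaining = @(Get-VgxRegistration)
Write-Output ("COM classes still served by vgx.dll: {0}" -f $remaining.Count)
$remaining | Format-Table -AutoSize

# Non-zero exit lets a deployment tool flag hosts where the workaround did not take.
if ($Action -eq 'Unregister' -and $remaining.Count -gt 0) { exit 1 }
```

Run it with `-Action Register` once the update has been installed to restore VML support.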

All replies

  • The best way is to use alternative browsers.
    Wednesday, April 30, 2014 3:20 AM
  • This is a short-term solution; I'm looking at how to address this sooner rather than later.
    Wednesday, April 30, 2014 3:25 AM