
Microsoft releases Security Advisory 2963983

Apr 29, 2014 5:14AM PDT

Dustin Childs @ the Microsoft Security Response Center Blog:

26 Apr 2014 8:25 PM

Today, we released Security Advisory 2963983 regarding an issue that impacts Internet Explorer. At this time, we are only aware of limited, targeted attacks. This issue allows remote code execution if users visit a malicious website with an affected browser. This would typically occur by an attacker convincing someone to click a link in an email or instant message.

Our initial investigation has revealed that Enhanced Protected Mode, on by default for the modern browsing experience in Internet Explorer 10 and Internet Explorer 11, as well as Enhanced Mitigation Experience Toolkit (EMET) 4.1 and EMET 5.0 Technical Preview, will help protect against this potential risk. We also encourage you to follow the "Protect Your Computer" guidance of enabling a firewall, applying all software updates and installing anti-virus and anti-spyware software. Additionally, we encourage everyone to exercise caution when visiting websites and avoid clicking suspicious links, or opening email messages from unfamiliar senders. Additional information can be found at www.microsoft.com/protect.

We are monitoring the threat landscape very closely and will continue to take appropriate action to help protect customers.

http://blogs.technet.com/b/msrc/archive/2014/04/26/microsoft-releases-security-advisory.aspx

@ the Microsoft Security Research and Defense Blog: More Details about Security Advisory 2963983 IE 0day

⇒ Note: The Suggested Actions section of the Microsoft Security Advisory 2963983 provides instructions which will help protect against exploitation of this vulnerability.


- Collapse -
CNET News : Stop using Microsoft's IE browser until ...
Apr 29, 2014 6:51AM PDT
Stop using Microsoft's IE browser until bug is fixed, US and UK warn

"In rare move that highlights severity of security hole in popular Internet Explorer, US Computer Emergency Readiness Team and UK counterpart say some IE users may want to "consider employing an alternate browser" till flaw is patched."

It's not often that the US or UK governments weigh in on the browser wars, but a new Internet Explorer vulnerability -- one that affects all major versions of the browser from the past decade -- has forced them to raise an alarm: Stop using IE.

The zero-day exploit -- the term given to a previously unknown, unpatched flaw -- allows attackers to install malware on your computer without your permission. That malware could be used to steal personal data, track online behavior, or gain control of the computer. Security firm FireEye, which discovered the bug, said that the flaw is being used with a known Flash-based exploit technique to attack financial and defense organizations in the US via Internet Explorer 9, 10, and 11. Those versions of the browser run on Microsoft's Windows Vista, Windows 7, and Windows 8, although the exploit is present in Internet Explorer 6 and above.

While the Computer Emergency Readiness Team in England and the US regularly issue browser advisories, this is one of the few times that the CERT team has recommended that people avoid using a particular browser. Specifically, the advisory says administrators and users should "review Microsoft Security Advisory 2963983 for mitigation actions and workarounds" and that people who can't implement those stopgap measures, Windows XP users among them, "may consider employing an alternate browser."

Continued : http://www.cnet.com/news/stop-using-ie-until-bug-is-fixed-says-us/

( Highlight by me )
- Collapse -
(NT) Has anyone installed Security Advisory 2963983?
Apr 29, 2014 11:25AM PDT
- Collapse -
Enhanced Mitigation Experience Toolkit (EMET) ?
Apr 30, 2014 10:05AM PDT

Hi Miki..

I'm presuming by using the word 'installed', you're referring to installing the Enhanced Mitigation Experience Toolkit. I can't say I have, but then again I don't use Internet Explorer. Hopefully in time, you'll get the feedback you're looking for.

See the bottom of the below post (Subject: "Microsoft Security Advisory 2963983 revised.. "), where the blog post at Microsoft's Security Research and Defense Blog offers pros and cons for the different workarounds. It may (or may not) help with your decision-making.

If you don't want to switch to another browser for the time being, you might want to consider some of the workarounds offered. Your choice.

A tailored workaround just for you: Stay off the net. And dance the days and nights away, until a patch is released.

Carol

- Collapse -
As already noted..
May 1, 2014 9:01AM PDT
- Collapse -
Carol
May 1, 2014 11:30AM PDT

I am dealing with a bad case of flu and fever and my brain cannot wrap itself around this Security Update. I do not understand any of it. Is 2963983 an actual update to be installed as other updates or what!....miki

- Collapse -
Thank you, Carol....
May 1, 2014 2:37PM PDT

I appreciate, as always.....think I will wait until after tomorrow's MS discussion and install Critical: MS14-021 - Security Update for Internet Explorer (2965111). I have already changed some suggested settings in IE 11 Internet Explorer/Internet Options/Security settings.

Miki

Windows 7 64-bit Home Edition
IE 11

- Collapse -
Microsoft Security Advisory 2963983 revised..
Apr 30, 2014 8:44AM PDT

Microsoft has revised (V1.1) Security Advisory 2963983 to clarify workarounds to help prevent exploitation of the vulnerability. See the Advisory FAQ for details.

The FAQ where the revision addresses the role of Enhanced Protected Mode and VGX.DLL :

Why was this advisory revised on April 29, 2014?
Microsoft revised this advisory for the following reasons:

• To clarify that the Enhanced Protected Mode workaround applies to both Internet Explorer 10 and Internet Explorer 11.
• To update the workaround steps for the Unregister VGX.DLL workaround to include running the command from an elevated command prompt and instructions for running the command for both 32-bit and 64-bit systems.
• To remove the Access Control List on VGX.DLL workaround. This workaround will still help protect users from the vulnerability, but it is no longer recommended by Microsoft because it has the same effect as the Unregister VGX.DLL workaround and is harder to deploy.

If I applied the Access Control List on VGX.DLL to be more restrictive workaround previously described in this advisory, how do I undo the workaround if Microsoft releases a security update for this vulnerability?

If you applied the Access Control List (ACL) on VGX.DLL to be more restrictive workaround, software that redistributes vgx.dll may fail to install. Before this software can be installed, you must revert this workaround to the previous ACL configuration for vgx.dll. To undo the workaround:

1. To revert to the previous ACL configuration for vgx.dll, from an elevated command prompt, enter the following command and replace the ACL on vgx.dll with the ACL's it previously had, which were recorded in step 2 of the workaround. The command line to do so will vary depending on your environment:

   echo y| cacls "%CommonProgramFiles%\Microsoft Shared\VGX\vgx.dll" /g original ACL's

2. Close and reopen Internet Explorer for the changes to take effect.

Security Advisory 2963983 - Version: 1.1 : https://technet.microsoft.com/en-US/library/security/2963983
Advisory FAQ: https://technet.microsoft.com/library/security/2963983#ID0EEEAC

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

@ the Microsoft Security Research and Defense Blog : Protection strategies for the Security Advisory 2963983 IE 0day

Note: Elia Florio and Jonathan Ness address customer inquiries about all the workarounds. They end with .....

Choosing the best workaround for your environment

The security advisory provides several different recommended workarounds because each customer environment is different and there might be a different "best" workaround for different customers. Each workaround has different pros and cons, described below.

Continued : http://blogs.technet.com/b/srd/archive/2014/04/30/protection-strategies-for-the-security-advisory-2963983-ie-0day.aspx

- Collapse -
Out-of-Band Security Update Released..
May 1, 2014 8:54AM PDT
- Collapse -
Help -- Cannot find a link to....
May 2, 2014 7:27PM PDT

Out-of-Band Security Update for Internet Explorer (2965111) Do not see it in my Windows Update....miki

Windows 7 64-bit
Internet Explorer 11

- Collapse -
It will be offered to you via Windows Update.
May 2, 2014 7:34PM PDT

Hi Miki.

Don't worry if you haven't had it yet, it may take a few days to roll out to everyone.


Make sure your Windows Update settings allow for notification of new updates available.


Mark

- Collapse -
Thank you, Mark
May 2, 2014 8:41PM PDT

My Windows Updates is set to give me updates but let me choose whether to download/install. Does the Out-of-Band show as 2965111?

- Collapse -
That might depend, but
May 2, 2014 9:18PM PDT

have a look at Carol's post here;
Out-of-Band Security Update for IE Zero-Day Vulnerability

That mentions the same "Security Update for Internet Explorer (2965111)" that you have stated. See if that helps.

I only said in my subject line, "That might depend", because when I read Carol's new sticky post at;
Microsoft releases Security Advisory 2963983,
I couldn't match up any of the KBs or Security Advisories with the Windows Update I had just been offered.

This puzzled me. My own update was KB296438 and links to http://support.microsoft.com/kb/2964358

I knew this was the same bug fix but it wasn't until I read more that I realised what the difference was. It all depends what updates the Windows system being updated has had previously. Example, in my case, the MS link says;

"Description of the security update for Internet Explorer for systems that have security update 2929437 installed: {this bulletin dated} May 1, 2014", (I have added the note about the date to avoid confusion), meaning since my system had had 2929437 previously, this new bug fix was via 2964358 and not via 2963983.

All very confusing, but I trusted MS to choose the correct update for my system.

Does any of that help?

Mark

- Collapse -
I understand, Mark...
May 2, 2014 9:49PM PDT

....that it all depends what updates are already on the Windows system, but still cannot make sense of it. I received today four Windows Updates. Only one was checked, so I downloaded/installed that one -- Security Update for Internet Explorer 11 for Windows 7 for x64-based Systems (KB2936068) was installed.

Unchecked updates:

Cumulative Security Update for Internet Explorer 11 for Windows 7 for x64-based Systems (KB2929437)

Security Update for Internet Explorer 11 for Windows 7 for x64-based Systems (KB2964444)

Update for Windows 7 for x64-based Systems (KB2952664)

Your help appreciated.

Miki
Windows 7 64-bit IE11

- Collapse -
Someone please give me a clue
May 3, 2014 3:14AM PDT

Please see my post, "I understand, Mark...."

- Collapse -
Sorry
May 3, 2014 4:12AM PDT

Sorry Miki, I logged off for a while.

Tell me about the history of your system. You say it is Windows 7 x64 bit, but has it ever been anything else? I mean have you upgraded from an older OS?

I ask because of http://support.microsoft.com/kb/2936068 , (I typed KB2936068 into Google and this was the first hit).

Under "More information" I read the following;

Security update 2936068 packages for Windows XP and for Windows Server 2003 include Internet Explorer hotfix files and general distribution release (GDR) files. If no existing Internet Explorer files are from the hotfix environment, security update 2936068 installs the GDR files.

I also Googled KB2929437 and got http://support.microsoft.com/kb/2929437 which talks "Developer Tools" under More Information.

I'm guessing that the last 2 you mentioned will also relate to 'other' aspects of IE11.

I don't pretend to understand but my guess is that the ticked option was the one your system needed and that is what you successfully installed.

The other 3 are optional and if you don't want to install them you don't need to, they are not critical. You can hide them from the list of optional updates by right clicking each one and selecting "Hide".

I have a number of optional updates hidden in this way. But in this case I would be inclined to trust Windows Updates and install them all.

The update process creates a system restore point before installing, and this provides a fall-back should anything go wrong.

Any help?

Mark

- Collapse -
Mark -- been there, done that and more
May 3, 2014 7:01AM PDT

My computer has never been anything else except Windows 7.....SP1.
Only KB 2936068 was checked on Win Update (which I installed), but no checks for either KB2964444 nor KB2929437.
From Microsoft Security Bulletin:
'Install security update 2929437 (not checked), and then install security update 2964358 (not on Win Update list) or

Install security update 2964444 (not checked) instead of security update 2964358. Security update 2964444 is intended for systems that do not have security update 2929437 installed.'
My Win Update for Internet Explorer listed only: KB2929437 not checked; KB2964444 not checked; and KB2936068 which was checked and installed.
BTW I have IE 11.05.

- Collapse -
ADDENDUM
May 3, 2014 7:15AM PDT

".......customers running Internet Explorer 11 on Windows 7 and Windows Server 2008 R2 also can choose a cumulative update: KB2929437. In addition to previous updates for Internet Explorer 11 on these operating systems, it includes enhancements such as improved Internet Explorer 11 compatibility for enterprise applications. If you install this cumulative update, you will not need to install the KB2936068 update offered through MS14-018."

Article 2936068.m Dustin C. Childs --

- Collapse -
My method
May 3, 2014 9:53AM PDT

Not to imply you should do this.

When winup tells me there are updates I hide the updates that have to do with drivers and install everything else.

Yes..some of the updates are for things I'm not using.....but that's ok.
What I can't tell is if some of these updates might be needed to get future updates I do need.

I suppose Mark and others know how to pick and choose....I don't.
I just let winup keep things sorted.....so far it seems to work.

- Collapse -
Bob B
May 3, 2014 10:34AM PDT

Appreciate your post, but it is unrelated to the problem I am having and the info I am trying to get. That said, I do not allow winup to install drivers either. However, I go through the updates and hide those for which I have no use. Miki

- Collapse -
I am done...
May 3, 2014 1:01PM PDT

I chose the second option listed below and installed 2964444, which was listed but unchecked on my Windows Update.


From Microsoft Security Bulletin:

Install security update 2929437, and then install security update 2964358.

Install security update 2964444 instead of security update 2964358. Security update 2964444 is intended for systems that do not have security update 2929437 installed.

Hope I did the right thing........Miki

Windows 7 Home, IE 11.05
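
The either/or rule from the security bulletin quoted in the post above, written out as a check. This is an added example, not part of the original thread or of Microsoft's guidance; the function name Get-Ms14021Status is hypothetical, the sample inputs are constructed, and the rule is taken exactly as the thread quotes it for Internet Explorer 11 on Windows 7.

```powershell
# Added example (requires PowerShell 3.0 or later). Rule as quoted in the thread:
#   - KB2964358 is for systems that already have KB2929437 installed
#   - KB2964444 is for systems that do NOT have KB2929437 installed
function Get-Ms14021Status {   # hypothetical helper name
    param(
        # Installed KB ids, passed in so the rule can be checked on sample data.
        [string[]]$InstalledKb = @()
    )
    $hasCumulative = $InstalledKb -contains 'KB2929437'
    $fix = @('KB2964358', 'KB2964444') | Where-Object { $InstalledKb -contains $_ }

    if ($fix) {
        $state = 'Patched'; $need = $null
    } elseif ($hasCumulative) {
        # Cumulative update present: the matching fix is KB2964358.
        $state = 'Missing'; $need = 'KB2964358'
    } else {
        # No cumulative update: KB2964444 alone is the offered fix.
        # (The bulletin's other route is KB2929437 first, then KB2964358.)
        $state = 'Missing'; $need = 'KB2964444'
    }
    [pscustomobject]@{
        State         = $state
        HasKB2929437  = $hasCumulative
        InstalledFix  = ($fix -join ',')
        UpdateToApply = $need
    }
}

# Constructed inputs modelled on the situations described in the thread.
$samples = [ordered]@{
    'KB2929437 present'        = @('KB2929437')
    'only KB2936068 installed' = @('KB2936068')
    'KB2964444 installed'      = @('KB2936068', 'KB2964444')
}
foreach ($name in $samples.Keys) {
    $r = Get-Ms14021Status -InstalledKb $samples[$name]
    '{0,-26} -> {1,-8} {2}' -f $name, $r.State, $r.UpdateToApply
}

# Live check on the local machine. Get-HotFix reads Win32_QuickFixEngineering.
$installed = @(Get-HotFix | Select-Object -ExpandProperty HotFixID)
Get-Ms14021Status -InstalledKb $installed
```
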

- Collapse -
What I was trying to say
May 4, 2014 3:17AM PDT

Not very well I'm sure.

You might be getting twisted up by hiding/not installing updates.
I let them all install...sans drivers.
On this w7 machine winup fed me kb2964358....no fuss.

- Collapse -
Hi Bob
May 4, 2014 3:53AM PDT

I believe my posts on this thread seem "twisted up", but I am really O.K.

There are times when "recommended" Updates are listed that I really do not need and they get hidden. I seldom hide "critical" or "important" Updates. There are also times an Update does not have a checkmark and often it is because it is a less than perfect update, and it is better to wait for a better version, which usually is released at a future date.

My other post reply to you was rude and I apologize......methinks I was angry at Microsoft

Miki

- Collapse -
Looks like you're all fixed.
May 4, 2014 4:36AM PDT

I read your later posts and bob b's as well.

Frankly I am clueless with the complexity of this particular IE update. It seems you have sorted yourself out Miki and well done.

I couldn't have done any better myself.

Mark

- Collapse -
Mark...
May 4, 2014 7:31AM PDT

Mark -- Thank you for your always helpful and willing attitude.

What really surprised me is that there was not an actual discussion on the forum re the important, but confusing, out-of-band update. There used to be a time when I had a problem it brought responses from many technically endowed posters. I always learned so much from them as they helped me find a solution.

Happy Sunday......Miki