Tuesday, March 28, 2006

Fix for IE

When there is a 0-day situation because of a vulnerability that hasn't been patched, it's even more trouble than when the vendor has patched the problem and disclosed it. On Friday, we started noticing that there were a number of PoCs that exploited CVE-2006-1359. Even though our Memory Firewall technology protects against this vulnerability out of the box, we're not widely deployed on desktop systems (yet).

Back in December Ilfak decided to do something similar for the WMF vulnerability and we took note because he did a one-off of the thing that we do for a living around here. We thought it was very cool because it solved the problem and a lot of people downloaded his patch as a temporary workaround. Hats off to Ilfak for inspiring us.

So we decided Friday afternoon that it would be a public service to the community if we created a one-off 'fix' that employed elements of our LiveShield technology to have a quick downloadable exe that would repair the problem once and for all. By Saturday afternoon, Alex had produced the fix, and Monday was spent packaging and testing the fix. Our fix literally changes only one byte of code in the executable and addresses the root vulnerability.

We released it last evening, complete with the source so that independent parties could decide whether or not it is a fix. Here are some relevant links.

Now, this disclosure was important enough that the guys at eEye also tried to address the issue. Of course, I like our fix better because when the Microsoft patch comes out, you don't have to take any action, you just get the vendor's patch. I haven't done much analysis of their fix, but I think you have to go through an uninstall procedure with theirs.
