The Pwn2Own flaw

Jun 10, 2009 17:01 GMT

Microsoft has released the first security update for the latest version of its browser. Internet Explorer 8 downloads became available to the public in mid-March 2009, and in parallel the successor of IE7, running on Windows 7 no less, was hacked by a security researcher participating in the CanSecWest Vancouver 2009 Pwn2Own contest. The researcher, identified only as Nils, exploited a zero-day security vulnerability in IE8 to take control of the Windows 7 machine the browser was running on. Almost three months later, Microsoft is releasing a patch designed to resolve the Critical security vulnerability.

But the fact of the matter is that Microsoft has already addressed this specific security hole, namely the HTML Objects Memory Corruption vulnerability. While the flawed code still exists in the browser, the software giant took the necessary steps when it released the gold build of IE8 to ensure that the mitigations in place on Windows Vista and Windows 7 could no longer be circumvented.

“In the final release, a mitigation was put into place to protect against ASLR+DEP .NET bypass used in the contest, so right now, there is no known way to attack this issue in the default configuration of IE 8 on Windows Vista. Regardless, MS09-019 addresses the underlying vulnerability which is rated as Critical on Windows XP and Windows Vista but due to IE 8’s built-in mitigations, it only rates as a ‘3’ for Windows Vista on the Exploitability Index while Windows XP is rated as ‘1’,” explained Jerry Bryant, Sr. security program manager lead.

In addition, users already running the latest public development milestone of Windows 7, Release Candidate Build 7100, have nothing to worry about, since the vulnerability does not impact IE8 on top of this specific platform version. However, for testers who are still running Beta Build 7000 of Windows 7 and Windows Server 2008 R2, the updates can be accessed via the links below.

- Security Update for Internet Explorer 8 in Windows 7 Client Beta
- Security Update for Internet Explorer 8 in Windows 7 Client Beta for x64-based Systems
- Security Update for Internet Explorer 8 in Windows 7 Server Beta 64-bit Itanium Edition
- Security Update for Internet Explorer 8 in Windows 7 Server Beta for x64-based Systems

Internet Explorer 8 (IE8) RTW is available for download here (for 32-bit and 64-bit flavors of Windows XP, Windows Vista, Windows Server 2003 and Windows Server 2008).