Teacup, Meet Storm, pt. III: The IE6 Google Attack Flaw

Ah, the security vulnerability that was used in the Google attack. It’s been around the internet about a million times now, and even governments have started advising people to move away from Internet Explorer. As is usually the case, however, the internet has really blown the vulnerability out of proportion. I’ll get right to it: if your machine and/or network has been compromised via this vulnerability, then you most likely had it coming. No sympathy for you.

That sounds really harsh, so let me back it up with some explanations. The vulnerability in question is Microsoft Security Advisory 979352, and “[it] is an Internet Explorer memory corruption issue triggered by an attacker using JavaScript to copy, release, and then later reference a specific Document Object Model element. If an attacker is able to prepare memory with attack code, the reference to a random location of freed memory could result in execution of the attacker’s code.”
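The copy, release, reference sequence from the advisory text, as a simplified model added here (not Internet Explorer's code and not part of the original article): a toy element pool in which a copied handle outlives the element it pointed to. The pool, the handle type and the generation check are illustrative assumptions; the check is one general way to reject stale references, not the mitigation the article goes on to discuss.

```c
#include <stdio.h>
#include <string.h>
#define POOL_SLOTS 4
/* Constructed stand-in for a DOM element; generation is bumped on each release. */
typedef struct { unsigned generation; int in_use; char tag[16]; } Element;
typedef struct { unsigned slot, generation; } Handle;  /* generation it was issued for */
static Element pool[POOL_SLOTS];

Handle element_create(const char *tag) {
    Handle h = { POOL_SLOTS, 0 };            /* invalid until a slot is found */
    for (unsigned i = 0; i < POOL_SLOTS; i++) {
        if (pool[i].in_use) continue;
        pool[i].in_use = 1;
        strncpy(pool[i].tag, tag, sizeof pool[i].tag - 1);
        pool[i].tag[sizeof pool[i].tag - 1] = '\0';
        h = (Handle){ i, pool[i].generation };
        break;
    }
    return h;
}

static int handle_live(Handle h) {
    return h.slot < POOL_SLOTS && pool[h.slot].in_use &&
           pool[h.slot].generation == h.generation;
}

void element_release(Handle h) {
    if (!handle_live(h)) return;             /* ignore stale or double release */
    pool[h.slot].in_use = 0;
    pool[h.slot].generation++;               /* invalidates every copied handle */
}

/* Flawed pattern: trusts a copied handle without checking its lifetime. */
const char *element_tag_unchecked(Handle h) {
    return h.slot < POOL_SLOTS ? pool[h.slot].tag : NULL;
}
/* Hardened pattern: a handle to a released element resolves to NULL. */
const char *element_tag_checked(Handle h) {
    return handle_live(h) ? pool[h.slot].tag : NULL;
}

int main(void) {
    Handle original = element_create("img"), copy = original;  /* copy */
    element_release(original);                                 /* release */
    element_create("reused");                 /* the freed slot is recycled */
    const char *checked = element_tag_checked(copy);           /* reference */
    printf("unchecked: %s\n", element_tag_unchecked(copy));
    printf("checked:   %s\n", checked ? checked : "(stale handle rejected)");
    return 0;
}
```

The unchecked lookup returns whatever now occupies the recycled slot, which is the defect class the advisory describes; the checked lookup notices the generation mismatch and refuses the stale handle.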

While this all sounds mighty serious, reality is different. If you look at all the brouhaha on the net, you’d think that everyone running Internet Explorer and Windows is vulnerable to this attack, and that it disembowels tiny kittens. Luckily, though, that’s not the case – this attack is remarkably low-impact, and if you are affected, then it is probably your own fault.

That’s because this vulnerability only affects users of Internet Explorer 6 on Windows XP. If you’re still running that configuration by choice, then it’s your own fault if you get bitten. It’s like complaining Ford’s cars aren’t safe because you crashed and died while driving one while wearing a blindfold. If your corporate network still uses IE6, the same thing applies. Of course, there are still a number of tools that are designed for IE6, but that’s something the developers of those tools should be ashamed of.

Windows XP with Internet Explorer 7/8, Windows Vista, and Windows 7 are all secure, despite the fact that the exploitable code exists in those versions of Internet Explorer too – which sounds weird, until you realise that these newer pieces of software benefit from Microsoft’s 2002 Trustworthy Computing initiative, which implemented a company-wide focus on security in the development process.

As you can see, both IE Protected Mode and Data Execution Prevention play a major role in mitigating this flaw, perfectly illustrating why features like this should be part of an operating system: layered security. Due to the proper design of Windows Vista and 7 (there, I said it) a potentially dangerous flaw has been rendered completely useless. Despite not currently being at risk, users of Windows XP SP2/SP3, as well as Vista users running IE7, should enable DEP anyway.

By the way, I left Windows 2000 off the chart since it’s no longer sold. In case you’re curious: yes, IE6 on Windows 2000 is exploitable. Sadly, there’s no fix because you can’t upgrade to newer versions of IE. Moving solidly into Irrelevantland now: IE5 is not affected.

Microsoft advises users to upgrade to newer versions of IE and/or Windows. “We recommend users of IE6 on Windows XP upgrade to a new version of Internet Explorer and/or enable DEP,” Microsoft writes. “Users of other platforms are at reduced risk. We also recommend users of Windows XP upgrade to newer versions of Windows.” Or, switch to a non-IE browser, or even a non-Windows operating system, of course.

In any case, the outstanding security track record of Windows Vista and Windows 7 remains largely untarnished. I never thought I’d say this, but hats off to the Windows team for (finally) delivering solid, secure products.

Now, if you don’t mind, I’m going to see if the pigs at the farms here in my home town are where they’re supposed to be.
