cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Highlighted
Level 13
Report Inappropriate Content
Message 1 of 3

Whats your mitigation plan for CVE-2013-3893 Microsoft Security Advisory (2887505)

Jump to solution

Hi All,

What are you plan's for any mitigation for the recently announced CVE-2013-3893 that affects all IE version (more info: http://technet.microsoft.com/en-us/security/advisory/2887505 )

There is a fixit here: https://support.microsoft.com/kb/2887505 which is just an MSI to download and run to mitigate if you are up to date with patching (needs

2870699 MS13-069: Cumulative security update for Internet Explorer: September 10, 2013 installed to work)

I am hopeful that VSE/HIPS/Webgateway or something mcafee related and already deployed is going to save me from having to do any work.

thanks,

Pierce

1 Solution

Accepted Solutions
Highlighted
Level 12
Report Inappropriate Content
Message 2 of 3

Re: Whats your mitigation plan for CVE-2013-3893 Microsoft Security Advisory (2887505)

Jump to solution

This issue is now covered in a patch issued by Microsoft, but when I see questions like this, the penetration tester in me bristles.   Nothing McAfee deploys except MAYBE application whitelisting is likely to help relieve a need to apply mitigations to a browser vulnerability for which an exploit has been publicly released.  

VSE and HIPS  only know about varieties of exploits that they know about. They don't know of all possible exploits for a given browser vulnerability, or all the automaticlaly generateable unique variants that a given exploit framework such as Metasploit Canvas or Core Impact can be configured to generate.       Webgateway, as well, will only catch exploits it knows about ... perhaps some site categorization will save you in some cases, but in general... no. 

The right thing to have done on this one is to deploy the fixit, or to have already hardened IE installations with EMET,   to alert users to use an alternative browser (and backstop it with a web gateway policy to block Internet Explorer by user agent... which admittedly would be very hard to handle politically in most environments)  .

Security tools (other than whtelisting) won't save you from a browser or plugin vulnerability.     And even white listing would be iffy here.

At best, they'll save you from very very common variants of a given exploit.   The more people understand how evadeable  anti-virus and IPS are, the better able to raise the security bar we'll all be as security practitioners.

This is not to say that IPS and AV don't have their place--they do, but defense in depth is the goal, not hoping security alarm goes off when an intruder jumps through an already open window.    To extend a bad metaphor,  the mitigation is to close the window.. which in this case was do-able via the Fixit or having Microsoft EMET deployed.

View solution in original post

2 Replies
Highlighted
Level 12
Report Inappropriate Content
Message 2 of 3

Re: Whats your mitigation plan for CVE-2013-3893 Microsoft Security Advisory (2887505)

Jump to solution

This issue is now covered in a patch issued by Microsoft, but when I see questions like this, the penetration tester in me bristles.   Nothing McAfee deploys except MAYBE application whitelisting is likely to help relieve a need to apply mitigations to a browser vulnerability for which an exploit has been publicly released.  

VSE and HIPS  only know about varieties of exploits that they know about. They don't know of all possible exploits for a given browser vulnerability, or all the automaticlaly generateable unique variants that a given exploit framework such as Metasploit Canvas or Core Impact can be configured to generate.       Webgateway, as well, will only catch exploits it knows about ... perhaps some site categorization will save you in some cases, but in general... no. 

The right thing to have done on this one is to deploy the fixit, or to have already hardened IE installations with EMET,   to alert users to use an alternative browser (and backstop it with a web gateway policy to block Internet Explorer by user agent... which admittedly would be very hard to handle politically in most environments)  .

Security tools (other than whtelisting) won't save you from a browser or plugin vulnerability.     And even white listing would be iffy here.

At best, they'll save you from very very common variants of a given exploit.   The more people understand how evadeable  anti-virus and IPS are, the better able to raise the security bar we'll all be as security practitioners.

This is not to say that IPS and AV don't have their place--they do, but defense in depth is the goal, not hoping security alarm goes off when an intruder jumps through an already open window.    To extend a bad metaphor,  the mitigation is to close the window.. which in this case was do-able via the Fixit or having Microsoft EMET deployed.

View solution in original post

Level 13
Report Inappropriate Content
Message 3 of 3

Re: Whats your mitigation plan for CVE-2013-3893 Microsoft Security Advisory (2887505)

Jump to solution

Hi Regis,

thanks for the detailed response and adding more information around what protection the VSE/HIPs/Web gateway provide.

We explored the fixit in the end but we did not have enough coverage of the needed security patch! In the end we decided to focus on the patching to get up to date and then catch the full fix when released (we also didnt have any experience with the fixit's).

I suppose my question was more around priority, if i have ten things to do, it is worth messing around with fixit's when we have other mitigations in place and other things to focus on.

thanks again 🙂

Pierce

You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community