Rapid7 Blog

Internet Explorer  

CVE-2017-3823: Remote Code Execution Vulnerability in Cisco WebEx Browser Plugin

On January 21st 2017, Google's Project Zero disclosed a vulnerability in Cisco's WebEx browser plugin extension that could allow attackers to perform a remote code execution (RCE) exploit on any Windows host running the plugin. An initial fix was pushed out by Cisco that warned…

Using Reflective DLL Injection to exploit IE Elevation Policies

As you are probably aware, sandbox bypasses are becoming a MUST when exploiting desktop applications such as Internet Explorer. One interesting class of sandbox bypasses abuse IE's Elevation Policies. An example of this type of sandbox bypass is CVE-2015-0016. The vulnerability has already been analyzed…

Patch Tuesday - September 2014

It's a light round of Microsoft Patching this month.  Only four advisories, of which only one is critical.  The sole critical issue this month is the expected Internet Explorer roll up affecting all supported (and likely some unsupported) versions.  This IE roll…

August Patch Tuesday

Microsoft clearly wants everyone to shake off the dog days of summer and pay attention to patching.  This month's advance notice contains nine advisories spanning a range of MSFT products.  We have the ubiquitous Internet Explorer all supported versions patch (MS14-051), with the…

Patch Tuesday, June 2014

Patch Tuesday, June 2014 delivers seven advisories, of them, two critical, five important – one of which is the seldom seen “tampering” type.The remarkable item in this month's advisories is MS14-035, the Internet Explorer patch affecting all supported versions.  That in…

Patch Tuesday, May 2014 - Lots going on

There is a lot going on in the updates from Microsoft this month, including some very interesting and long time coming changes. Also, it's the highest volume of advisories so far this year, with eight dropping on us, two of which are labelled as critical.…

Are your users exposed to IE 0-Day? Find out who is still using IE in your organization

As many security professionals, you probably sent an email to your users in the last couple of days asking them NOT to use Internet Explorer as their browser in light of the latest IE Zero Day vulnerability. However, you may be lacking visibility to user…

If you lived here, you'd be home now - thoughts on an IE 0-day

Growing up around Boston, I remember seeing the famous billboards for the Charles River Park apartments: "If You Lived Here, You'd Be Home Now".  These signs were placed strategically, almost sadistically, on Storrow Drive where they were seen every day by the thousands of…

IE 0-day, we got you covered

News broke this weekend of yet another IE 0-day under ("limited, targeted") exploitation in the wild.  Microsoft responded with an advisory, but no patches yet.  Given that the risk from the known exploit is mitigated by the usual defence in depth tactics I…

Patch Tuesday - March 2014

Microsoft's March Patch Tuesday again came in on the lighter side of some months.  This continues the 2014 trend of smaller Patch Tuesdays.  We only see 2 issues that are critical/remote code execution, one of which is the usual IE (MS14-012), the…

Patch Tuesday October 2013

It's been an interesting month for the Microsoft Security watchers of the world. If your job depends on securing systems running Windows, you should be eagerly awaiting the patch for the Internet Explorer (IE) 0-day (CVE-2013-3893: SetMouseCapture Use-After-Free) vulnerability in today's Patch Tuesday (MS13-080). Exploitation…

Weekly Update: MSIE Exploit Disclosure, new CMDStager, and unattended.xml snarfing

MSIE exploit for CVE-2013-3893This week, you might have seen some press on our new exploit for CVE-2013-3893, some of which engages in that favorite infosec dichotomy of full disclosure vs "responsible" disclosure. First, if you want some technical details on the exploit development process used…

IE 0-day: exploit code is now widely available (CVE-2013-3893)

Any newly discovered Internet Explorer zero day vulnerability is bad for users. But once the exploit code gets around to public disclosure sites, it's so much worse. In the past day or so exploit code has been submitted to virustotal.com and scumware.org. …

Department of Labor IE 0-day Exploit (CVE-2013-1347) Now Available at Metasploit

Recently, the U.S. Department of Labor website was compromised and had been serving malicious code, capable of detecting and disabling some antivirus products such as Avira, F-Secure, Kaspersky, AVG, Sophos, etc.  It would also attack Internet Explorer 8 users with an 0-day exploit.  The…

Weekly Metasploit Update: MSIE and Poison Ivy Returns

Yo Dawg, I Heard You Like 0-DayAs you may have heard, on Monday we rolled out a special update to Metasploit to include the new Internet Explorer use-after-free exploit, aka, CVE-2012-4969. Last night, while scrolling through my RSS feed for security news, I saw this…

Featured Research

National Exposure Index 2017

The National Exposure Index is an exploration of data derived from Project Sonar, Rapid7's security research project that gains insights into global exposure to common vulnerabilities through internet-wide surveys.

Learn More

Toolkit

Make Your SIEM Project a Success with Rapid7

In this toolkit, get access to Gartner's report “Overcoming Common Causes for SIEM Solution Deployment Failures,” which details why organizations are struggling to unify their data and find answers from it. Also get the Rapid7 companion guide with helpful recommendations on approaching your SIEM needs.

Download Now

Featured Research

Quarterly Threat Report

Rapid7’s Quarterly Threat Report leverages intelligence from our extensive network—including the Insight platform, managed detection and response engagements, Project Sonar, Heisenberg Cloud, and the Metasploit community—to put today’s shifting threat landscape into perspective. It gives you a clear picture of the threats that you face within your unique industry, and how those threats change throughout the year.

Learn More