Monday, September 27, 2010

ENHANCED MITIGATION EXPERIENCE TOOLKIT

Have you been struggling to mitigate risks, prevent vulnerabilities from being exploited, and minimize disruption in an environment of legacy products or third-party applications? If so, help is now available from Microsoft, free of charge, through a tool called the Enhanced Mitigation Experience Toolkit (EMET). The goals for EMET are:

•Leverage the tool against vulnerabilities under active exploitation to help customers protect themselves from being exploited.

•Give customers the ability to use newer mitigation technologies to help protect older applications that cannot be recompiled to opt into them.

•Provide a central interface to make it easier for users to manage both system and application mitigations.



EMET provides users with the ability to deploy security mitigation technologies to arbitrary applications. Doing so helps to prevent vulnerabilities in those applications (especially line-of-business and third-party apps) from being successfully exploited. It also responds to requests from customers to help manage risk in older, legacy products while they are in the process of transitioning to modern, more secure products. Beyond that, it makes it easy for customers to try mitigations against any software. While EMET can be used by anybody, it is primarily targeted at protecting applications on machines that are at high risk of attack. It helps you harden applications, whether line-of-business applications on back-end servers or browsers on desktops.



I am sure you would be interested in this tool and you can click here to download the tool free of charge! Microsoft has also put together a video for you. The video gives an even more in-depth look at some of the security mitigations offered by the tool. You can watch the video online here.



EMET provides a total of six mitigations:

•Dynamic Data Execution Prevention (DEP) - DEP has been available since Windows XP. However, current configuration options don't allow applications to be opted in on an individual basis unless they are compiled with a special flag. EMET allows applications compiled without that flag to also be opted in.

•Structured Exception Handler Overwrite Protection (SEHOP) - This protects against what is currently the most common technique for exploiting stack overflows on Windows. This mitigation has shipped with Windows since Windows Vista SP1. Recently, with Windows 7, the ability to turn it on and off per process was added. With EMET, Microsoft provides the Windows 7 capabilities on any platform back through Windows XP.

•Heap Spray Allocation - When an exploit runs, it often cannot be sure of the address where its shellcode resides and must make a guess when taking control of the instruction pointer. To increase the odds of success, most exploits now use heap spray techniques to place copies of their shellcode at as many memory locations as possible. This mitigation blocks the use of the addresses most common in today's exploits.

•Null Page Allocation - This is similar technology to the heap spray allocation, but designed to prevent potential null dereference issues in user mode. Currently there are no known ways to exploit them, and thus this is a defense-in-depth mitigation technology.

•Export Address Table Access Filtering - This mitigation is designed to break nearly all shellcode in use today. Before a piece of shellcode can do anything useful, it generally has to locate Windows APIs first. This mitigation blocks a common current technique shellcode uses to do this.

•Mandatory Address Space Layout Randomization (ASLR) - ASLR randomizes the addresses where modules are loaded to help prevent an attacker from leveraging data at predictable locations. The problem with this is that all modules have to use a compile time flag to opt into this. With EMET, we force modules to be loaded at randomized addresses for a target process regardless of the flags it was compiled with.
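The DEP and Mandatory ASLR items above both depend on a compile-time opt-in flag. As an added example (not from the original post and not part of EMET), the Python code below reads that opt-in from the DllCharacteristics field of a PE header to report which mitigations a binary has not opted into itself. The flag values come from the PE/COFF format rather than from this page, and `make_sample` builds a constructed header purely for demonstration.

```python
import struct

# Flag values from the PE/COFF optional header (DllCharacteristics field).
DYNAMIC_BASE = 0x0040   # set by the linker option /DYNAMICBASE: opts into ASLR
NX_COMPAT = 0x0100      # set by the linker option /NXCOMPAT: opts into DEP
PE32, PE32_PLUS = 0x10B, 0x20B
DLLCHAR_OFFSET = 70     # offset of DllCharacteristics in the optional header

def dll_characteristics(image: bytes) -> int:
    """Return the DllCharacteristics word of a PE image, or raise ValueError."""
    if len(image) < 0x40 or image[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (pe_off,) = struct.unpack_from("<I", image, 0x3C)   # e_lfanew
    if pe_off + 24 > len(image) or image[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    (opt_size,) = struct.unpack_from("<H", image, pe_off + 20)
    opt_off = pe_off + 24                                # signature + COFF header
    if opt_size < DLLCHAR_OFFSET + 2 or opt_off + DLLCHAR_OFFSET + 2 > len(image):
        raise ValueError("optional header too short")
    (magic,) = struct.unpack_from("<H", image, opt_off)
    if magic not in (PE32, PE32_PLUS):
        raise ValueError("unknown optional header magic")
    return struct.unpack_from("<H", image, opt_off + DLLCHAR_OFFSET)[0]

def missing_opt_ins(image: bytes) -> list:
    """List the mitigations the binary did not opt into at link time."""
    flags = dll_characteristics(image)
    missing = []
    if not flags & NX_COMPAT:
        missing.append("DEP")
    if not flags & DYNAMIC_BASE:
        missing.append("ASLR")
    return missing

def make_sample(flags: int, magic: int = PE32) -> bytes:
    """Constructed minimal PE header (not a runnable program)."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x14C, 0, 0, 0, 0, 96, 0x0102)
    opt = bytearray(96)
    struct.pack_into("<H", opt, 0, magic)
    struct.pack_into("<H", opt, DLLCHAR_OFFSET, flags)
    return dos + b"PE\0\0" + coff + bytes(opt)

if __name__ == "__main__":
    samples = [("legacy.exe", 0), ("modern.exe", NX_COMPAT | DYNAMIC_BASE)]
    for name, flags in samples:   # constructed sample names and flags
        print(name, missing_opt_ins(make_sample(flags)) or "opted in")
```

Binaries reported as missing an opt-in are the ones that the per-application DEP and Mandatory ASLR settings described above are meant to cover.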









I would encourage you to go ahead and use this tool, harden your applications and minimize the disruptions in your environment.





Sanjay Bahl is the Chief Security Officer for Microsoft Corporation (India) Pvt. Ltd., and is a member of various security committees at the national and international levels.





What is the purpose of this alert?

This alert is to notify you that Microsoft has released Security Advisory 2416728 - Vulnerability in ASP.NET Could Allow Information Disclosure -- on September 17, 2010.



Summary

Microsoft is investigating a new public report of a vulnerability in ASP.NET. An attacker who exploited this vulnerability could view data, such as the View State, which was encrypted by the target server, or read data from files on the target server, such as web.config. This would allow the attacker to tamper with the contents of the data. By sending back the altered contents to an affected server, the attacker could observe the error codes returned by the server. We are not aware of attacks that try to use the reported vulnerabilities or of customer impact at this time.



We are actively working with partners in our Microsoft Active Protections Program (MAPP) to provide information that they can use to provide broader protections to customers.



Upon completion of this investigation, Microsoft will take the appropriate action to help protect our customers. This may include providing a security update through our monthly release process or providing an out-of-cycle security update, depending on customer needs.





Mitigating Factors

•Microsoft has not identified any mitigations for this vulnerability.







Operating System: Component

Windows XP

•Windows XP Media Center Edition 2005 and Windows XP Tablet PC Edition 2005: Microsoft .NET Framework 1.0 Service Pack 3

•Windows XP Service Pack 3: Microsoft .NET Framework 1.1 Service Pack 1; Microsoft .NET Framework 2.0 Service Pack 2; Microsoft .NET Framework 3.5; Microsoft .NET Framework 3.5 Service Pack 1; Microsoft .NET Framework 4.0

•Windows XP Professional x64 Edition Service Pack 2: Microsoft .NET Framework 1.1 Service Pack 1; Microsoft .NET Framework 2.0 Service Pack 2; Microsoft .NET Framework 3.5; Microsoft .NET Framework 3.5 Service Pack 1; Microsoft .NET Framework 4.0

Windows Server 2003

•Windows Server 2003 Service Pack 2: Microsoft .NET Framework 1.1 Service Pack 1; Microsoft .NET Framework 2.0 Service Pack 2; Microsoft .NET Framework 3.5; Microsoft .NET Framework 3.5 Service Pack 1; Microsoft .NET Framework 4.0

•Windows Server 2003 x64 Edition Service Pack 2: Microsoft .NET Framework 1.1 Service Pack 1; Microsoft .NET Framework 2.0 Service Pack 2; Microsoft .NET Framework 3.5; Microsoft .NET Framework 3.5 Service Pack 1; Microsoft .NET Framework 4.0

•Windows Server 2003 with SP2 for Itanium-based Systems: Microsoft .NET Framework 1.1 Service Pack 1; Microsoft .NET Framework 2.0 Service Pack 2; Microsoft .NET Framework 3.5; Microsoft .NET Framework 3.5 Service Pack 1; Microsoft .NET Framework 4.0

Windows Vista

•Windows Vista Service Pack 1: Microsoft .NET Framework 1.1 Service Pack 1; Microsoft .NET Framework 2.0 Service Pack 2; Microsoft .NET Framework 3.5; Microsoft .NET Framework 3.5 Service Pack 1; Microsoft .NET Framework 4.0

•Windows Vista Service Pack 2: Microsoft .NET Framework 1.1 Service Pack 1; Microsoft .NET Framework 2.0 Service Pack 2; Microsoft .NET Framework 3.5 Service Pack 1; Microsoft .NET Framework 4.0

•Windows Vista x64 Edition Service Pack 1: Microsoft .NET Framework 1.1 Service Pack 1; Microsoft .NET Framework 2.0 Service Pack 2; Microsoft .NET Framework 3.5; Microsoft .NET Framework 3.5 Service Pack 1; Microsoft .NET Framework 4.0

•Windows Vista x64 Edition Service Pack 2: Microsoft .NET Framework 1.1 Service Pack 1; Microsoft .NET Framework 2.0 Service Pack 2; Microsoft .NET Framework 3.5 Service Pack 1; Microsoft .NET Framework 4.0

Windows Server 2008

•Windows Server 2008 for 32-bit Systems: Microsoft .NET Framework 1.1 Service Pack 1; Microsoft .NET Framework 2.0 Service Pack 2; Microsoft .NET Framework 3.5; Microsoft .NET Framework 3.5 Service Pack 1; Microsoft .NET Framework 4.0

•Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2: Microsoft .NET Framework 1.1 Service Pack 1; Microsoft .NET Framework 2.0 Service Pack 2; Microsoft .NET Framework 3.5 Service Pack 1; Microsoft .NET Framework 4.0

•Windows Server 2008 for x64-based Systems: Microsoft .NET Framework 1.1 Service Pack 1; Microsoft .NET Framework 2.0 Service Pack 2; Microsoft .NET Framework 3.5; Microsoft .NET Framework 3.5 Service Pack 1; Microsoft .NET Framework 4.0

•Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems Service Pack 2: Microsoft .NET Framework 1.1 Service Pack 1; Microsoft .NET Framework 2.0 Service Pack 2; Microsoft .NET Framework 3.5 Service Pack 1; Microsoft .NET Framework 4.0

•Windows Server 2008 for Itanium-based Systems: Microsoft .NET Framework 1.1 Service Pack 1; Microsoft .NET Framework 2.0 Service Pack 2; Microsoft .NET Framework 3.5; Microsoft .NET Framework 3.5 Service Pack 1; Microsoft .NET Framework 4.0

•Windows Server 2008 for Itanium-based Systems Service Pack 2: Microsoft .NET Framework 1.1 Service Pack 1; Microsoft .NET Framework 2.0 Service Pack 2; Microsoft .NET Framework 3.5 Service Pack 1; Microsoft .NET Framework 4.0

Windows 7

•Windows 7 for 32-bit Systems: Microsoft .NET Framework 3.5.1; Microsoft .NET Framework 4.0

•Windows 7 for x64-based Systems: Microsoft .NET Framework 3.5.1; Microsoft .NET Framework 4.0

Windows Server 2008 R2

•Windows Server 2008 R2 for x64-based Systems: Microsoft .NET Framework 3.5.1; Microsoft .NET Framework 4.0

•Windows Server 2008 R2 for Itanium-based systems: Microsoft .NET Framework 3.5.1; Microsoft .NET Framework 4.0







Recommendations

Review Microsoft Security Advisory 2416728 for an overview of the issue, details on affected components, mitigating factors, workarounds, suggested actions, frequently asked questions (FAQs), and links to additional resources.



Customers who believe they are affected can contact Customer Service and Support (CSS) in North America for help with security update issues or viruses at no charge using the PC Safety line (866) PCSAFETY. International customers can contact Customer Service and Support by using any method found at http://www.microsoft.com/protect/worldwide/default.mspx.





Additional Resources

•Microsoft Advisory 2416728 - Vulnerability in ASP.NET Could Allow Information Disclosure



•Microsoft Security Response Center (MSRC) Blog

•Microsoft Security Research & Defense (SRD) Blog

•Microsoft Malware Protection Center (MMPC) Blog





Regarding Information Consistency

We strive to provide you with accurate information in static (this mail) and dynamic (web-based) content. Microsoft's security content posted to the Web is occasionally updated to reflect late-breaking information. If this results in an inconsistency between the information here and the information in Microsoft's web-based security content, the information in Microsoft's web-based security content is authoritative.



Thank you,

Microsoft CSS Security Team
 
Sincerely
Gurbinder Sharma
Partner Microsoft Online
