EMET and IE 0 day ie_execcommand_uaf

Posted on Updated on

Update: Microsoft has issued a “Fix it” for this issue. A offical patch should be in place tomorrow 21-Sept-2012.

A new IE zero-day is out and is available from Metasploit.  I needed to find out if EMET would protect against this. My two platforms I tested on were Windows 7 (Full patched) and Windows XP SP3 (fresh install) with IE 7.  I tested EMET 3.0 and EMET 2.1 to make sure that both versions prevented the exploit.

The Metasploit exploit worked flawlessly on Windows 7. I then enabled EMET and added the IE executable to the protected programs.  With both versions of EMET  prevented the exploit. The odd thing is that EMET 3.0 is suppose to generate a pop-up and create an event log when it catches an exploit. It did not notify me during any of my tests. On Windows XP SP3 with IE 7, as expected, the exploit worked when EMET was not configured. Once setup to protect IE, the exploit failed to run.

While having individual users at home switch to another browser (e.g. Chrome) make sense, for large cooperate environments deploying EMET will give you a stop gap for many of the exploits that we see.


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s