Update Windows to Avoid Vulnerability Exploits

According to the Net Applications statistics, Microsoft Windows is the most prevalent OS. In April the top operating systems in use were:

  1. Windows 7
  2. Windows XP
  3. Windows Vista

Although Microsoft has announced that it will stop supporting Windows XP in April 2014, users are not willing to abandon the operating system they are accustomed to and upgrade to the newer versions, Windows 7 and Windows 8.

Based on the Net Applications statistics, Internet Explorer 8.0 is the most popular browser. The rate of Explorer 8.0 installations is 4% higher than that of Explorer 9.

The statistics suggest a 3% decrease in the popularity of Explorer 8.0 over a year. This speaks to the browser's stability and users’ preferences.

Unfortunately, the statistics do not ensure computer security. Being so widespread, the browser becomes a high-priority target for attackers, who continue to seek out and exploit new vulnerabilities.

The CGenericElement Object Use-After-Free Vulnerability (MS13-038, CVE-2013-1347), found in May 2013, is one such vulnerability. It exists in Microsoft Internet Explorer because a “use-after-free” error occurs when a CGenericElement object is freed but a reference to it is kept on the Document and used again during rendering.

To explore the vulnerability, let’s use an exploit that has already appeared in Metasploit Framework. We will use Windows XP SP3 with the latest updates and Internet Explorer 8 installed as a test system.

Once a web resource that contains an exploit opens, the user sees the browser hang (freeze) for several seconds, making it impossible to close the browser in the usual way. The only way to end the "iexplore.exe" process is by using Task Manager. Meanwhile, some activity takes place in the browser process:

A notepad test module is launched and malicious code is injected into the "notepad.exe" process.
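
The browser-to-"notepad.exe" launch described above is visible in process-creation records. The following is an added example, not part of the original article: it flags any process whose parent is "iexplore.exe" and whose image is not an expected child. The log layout, field names and sample rows are constructed for illustration.

```python
# Added example: flag process-creation records where a browser spawns an
# unexpected child, such as the iexplore.exe -> notepad.exe launch above.
# The CSV layout (time,pid,ppid,image) and all sample rows are constructed.
import csv
import io
import ntpath

BROWSERS = {"iexplore.exe"}
# Children a browser is assumed to start in normal use (assumption; tune
# per environment). IE8 runs separate frame and tab processes, so
# iexplore.exe starting iexplore.exe is expected.
EXPECTED_CHILDREN = {"iexplore.exe"}

SAMPLE_LOG = """time,pid,ppid,image
10:01:02,1200,600,C:\\Program Files\\Internet Explorer\\iexplore.exe
10:01:05,1310,1200,C:\\Program Files\\Internet Explorer\\iexplore.exe
10:03:41,1544,1310,C:\\WINDOWS\\system32\\notepad.exe
10:04:10,1620,600,C:\\WINDOWS\\system32\\notepad.exe
"""


def find_suspicious_children(log_text):
    """Return (time, parent image, child image, child pid) for each process
    whose parent is a browser and whose image is not an expected child."""
    image_by_pid = {}  # pid -> image name of the most recent process seen
    findings = []
    for row in csv.DictReader(io.StringIO(log_text)):
        child = ntpath.basename(row["image"]).lower()
        parent = image_by_pid.get(row["ppid"])  # None if parent not in log
        if parent in BROWSERS and child not in EXPECTED_CHILDREN:
            findings.append((row["time"], parent, child, int(row["pid"])))
        # Record after the check so a reused pid maps to the newest image.
        image_by_pid[row["pid"]] = child
    return findings


if __name__ == "__main__":
    for when, parent, child, pid in find_suspicious_children(SAMPLE_LOG):
        print("ALERT %s: %s spawned %s (pid %d)" % (when, parent, child, pid))
```

A "notepad.exe" started by a parent that is not a browser, as in the last sample row, is not flagged.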

On the attacker’s server, the attack on the vulnerable system is presented as follows:



On the compromised machine, an attacker can:

  • Use the system as a temporary stage to attack further targets.
  • Obtain a higher level of access and get Administrator privileges.
  • Disable UAC.
  • Get detailed information about the OS.
  • Get full access to the file system.
  • Add user accounts.
  • Download and launch any file.
  • Steal confidential information from:
    • Browsers;
    • IM clients;
    • Skype, Bitcoin;
    • File managers;
    • FTP, SFTP, SSH, SCP clients;
    • Email clients;
    • Standard Windows storages;
    • Wireless connection system.
  • Listen to the microphone, capture web-camera screenshots, track keystrokes.
  • Get full control of the system using Remote Desktop.
  • Restore deleted files.
  • Explore the network environment of the compromised system.
  • Perform injections of the malicious code into the address space of any process:

Almost 24% of users are at risk of attack and infection of their PCs. These are Windows XP SP3 users and those who use Internet Explorer 8 as their default browser.

To prevent infection, it is recommended to enable the Firewall and the Automatic Updates feature and to install Ad-Aware. It is also highly recommended to be cautious when opening unknown or suspicious links in a browser.
