Advice to our customers on vulnerabilities in Internet Explorer

20/12/08

Microsoft has advised of a 'zero-day' vulnerability in Internet Explorer versions 7 and earlier that allows the execution of malicious programs on a victim computer. The company has released a security advisory (number 961051). The vulnerability is currently being tracked as CVE-2008-4844. Network Box gateway devices are able to protect users from falling victim to malicious programs that exploit this vulnerability. They do this by nullifying and isolating malicious payloads at the network gateway (i.e. before they reach client computers) using HTTP antivirus scanning.

Because the vector of attack is within Internet Explorer itself, attackers can vary the payload of the attack, making it impossible to give a generic identification to the payloads that are delivered through this vulnerability. This means that specific signatures, such as those for the common 'Exploit.js' file and the 'Trojan-GameThief.Win32.Magania.anjc' payload, need to be developed on a case-by-case basis.

Using our Network Box PUSH technology, we send new antivirus and malicious payload signatures out to our customers within minutes of those signatures being developed by our antivirus partner, Kaspersky Labs.

Using HTTP AV, Network Box has provided protection for its customers against malicious payloads related to this vulnerability since these payloads were first identified in the wild. It maintains a constantly changing defensive shield against these constantly changing attacks.

Network Box advises its customers to take the following steps to increase the level of protection against the vulnerability CVE-2008-4844:

  1. Ensure that Content Filtering is enabled on the Network Box gateway device. A number of malicious payload hosting sites are already categorised as undesirable by Network Box, so content filtering will restrict outgoing web browsing requests to such sites even before those requests leave the customer's network. If you are unsure about the status of Network Box Content Filtering or wish to explicitly enable this feature on your installation, please contact your NOC support staff.

  2. Ensure that HTTP AV scanning is enabled on the Network Box gateway device. This enables incoming threat payloads to be identified before they reach the client computers. If you are unsure about the status of HTTP AV or wish to explicitly enable this feature on your installation, please contact your NOC support staff.

  3. Ensure that your internal network computers are configured to pass HTTP requests through the Network Box gateway device, either directly through local browser Proxy settings, or indirectly through redirection at the Network Box gateway. Again, if you are unsure about the status of this in your own installation, please contact your NOC support staff.

  4. Protect your internal network computers against this vulnerability directly by downloading and installing the Microsoft security updates for Internet Explorer from the following location: http://www.microsoft.com/technet/security/bulletin/ms08-078.mspx. Alternatively, customers should enact their own corporate policies for managing critical updates.
