FSC-2010-3: Clarification on the Impact of CVE-2010-3499
The vulnerability report CVE-2010-3499 describes an issue in which exploit code can be delivered over a network, loaded into memory and executed before security products from F-Secure Corporation intercept the exploit. The exploit requires Internet Explorer version 7 or 8 to be used.
The reported findings are basically correct on Windows XP and Windows Server 2003, but typically do not pose a significant threat to users of the product. This statement describes the relevant mitigating factors and actions.
• Windows XP and Windows Server 2003
• Internet Explorer 7 and 8
Risk Level: LOW (Low/Medium/High/Critical)
• All products that run on the affected platforms
Primary Mitigating Factors
The exploited vulnerability is actually located in Microsoft Windows Help and Support Center in Windows XP and Windows Server 2003. The vulnerability was addressed by Microsoft on July 13, 2010 by security bulletin MS10-042. The related patch has been distributed automatically to affected systems.
Our primary recommendation is to verify that the automatic update system is enabled in Windows XP and Server 2003, and that this particular patch has been applied.
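One way to carry out this check on a single host, as an added example that is not part of the F-Secure advisory or of Microsoft's bulletin. It assumes PowerShell 2.0 or later is installed; the KB identifier is a placeholder to be replaced with the article number listed in MS10-042, and the function names are hypothetical.

```powershell
# Added example: report whether a given hotfix is installed and how
# Automatic Updates is configured on this host.
param(
    # Placeholder: replace with the KB article number listed in bulletin MS10-042.
    [string]$KbId = 'KB0000000'
)

function Test-HotfixInstalled {
    param([string]$Id)
    # Get-HotFix reads Win32_QuickFixEngineering; a missing hotfix raises an
    # error, which is suppressed here and reported as $false.
    $hit = Get-HotFix -Id $Id -ErrorAction SilentlyContinue
    return [bool]$hit
}

function Get-AutoUpdateState {
    # A Group Policy setting takes precedence over the local Control Panel setting.
    $policy = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU'
    $local  = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update'
    $p = Get-ItemProperty -Path $policy -ErrorAction SilentlyContinue
    if ($p -and $p.NoAutoUpdate -eq 1) { return 'Disabled by policy' }
    $opt = $null
    if ($p -and $p.AUOptions) {
        $opt = $p.AUOptions
    } else {
        $l = Get-ItemProperty -Path $local -ErrorAction SilentlyContinue
        if ($l) { $opt = $l.AUOptions }
    }
    switch ($opt) {
        1 { return 'Disabled' }
        2 { return 'Notify before download' }
        3 { return 'Download, notify before install' }
        4 { return 'Automatic download and install' }
        default { return 'Unknown (value not set)' }
    }
}

# The Automatic Updates service must also be present and running.
$svc = Get-Service -Name wuauserv -ErrorAction SilentlyContinue
$svcStatus = 'Not found'
if ($svc) { $svcStatus = $svc.Status }

New-Object PSObject -Property @{
    Computer        = $env:COMPUTERNAME
    Hotfix          = $KbId
    HotfixInstalled = Test-HotfixInstalled -Id $KbId
    AutoUpdate      = Get-AutoUpdateState
    UpdateService   = $svcStatus
}
```

A host that reports `HotfixInstalled` as False, or an `AutoUpdate` state of Disabled, is one where the secondary mitigating factors below are the only protection in place.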
Secondary Mitigating Factors
To provide further protection on systems that for some reason don’t have the needed patch applied, F-Secure Corporation currently provides the following countermeasures:
- The Browsing Protection module blocks access to sites and URLs that are known to distribute this exploit.
- Further malicious actions by the exploit are subject to DeepGuard’s monitoring and control.
- Any files dropped or loaded by the exploit will be scanned for malware.
- Gateway antivirus solutions in corporate or service provider networks are not affected by this vulnerability, and protect the users against threats using this exploit.
It is not feasible to provide a hotfix or patch for the F-Secure product line in this case. F-Secure's primary recommendation is to mitigate this threat by applying the patch distributed by Microsoft; see Microsoft security bulletin MS10-042.
We also take threats of this kind into account when developing the protection modules. Future versions of the product will have improved ability to intercept both this exploit and similar future exploits.
Date Issued: 2010-10-29
Last Updated: 2010-10-29