截屏视频帮助

Microsoft Security Advisory (2757760) Vulnerability in Internet Explorer Could Allow Remote Code Execution

创建时间: 19 9 月 2012 • Updated: 19 9 月 2012 | 8 条评论

HI,

Yesterday i have received Security Alert for microsoft. i want to sharing information

Microsoft Security Advisory (2757760) Vulnerability in Internet Explorer Could Allow Remote Code Execution

Check this blogs

http://blogs.technet.com/b/msrc/

http://technet.microsoft.com/en-us/security/advisory/2757760

评论 条评论跳转至最新评论

Fabiano.Pessoa 的图片

Hi,

Bloodhound.Exploit.474 is able to intercept commands on the operating system so that a user would only be shown what this virus wanted the user to see. This includes the ability to make it so files, directories, configuration files, and Windows Registry keys are invisible to a system administrator or user of the machine.

Way of Removing Bloodhound.Exploit.474 Manually
Delete its related files:

%UserProfile%\Application Data\[RANDOM CHARACTERS].exe
%Temp%\[RANDOM CHARACTERS].dll

Remove its related registry values:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\”%UserProfile%\Application Data\[RANDOM CHARACTERS].exe” = “%UserProfile%\Application Data\[RANDOM CHARACTERS].exe:*:Enabled:Win32load”
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\”%UserProfile%\Application Data\[RANDOM CHARACTERS].exe” = “%UserProfile%\Application Data\[RANDOM CHARACTERS].exe:*:Enabled:Win32load

hugs

Fabiano Pessoa

Systems Analyst - Forensic Expert

Jorge Pinto 的图片

Does anyone know if the IPS module of SEP12 already contains a signature to protect from this exploit?

Ashish-Sharma 的图片

Microsoft Security Bulletin MS12-063 - Critical

Cumulative Security Update for Internet Explorer (2744842)

http://technet.microsoft.com/en-us/security/bulletin/ms12-063

Thanks In Advance

Ashish Sharma