Return to list of client alerts
Microsoft made a decision decades ago to integrate Internet Explorer deep into the roots of Windows. No matter what anyone did, like installing a competing browser such as Mozilla Firefox, Internet Explorer was still there. This was at the core of Microsoft’s settlement with the Department of Justice that gave Microsoft the last laugh. Well, sort of.
Decades later, in June 2022, Microsoft finally put us all out of our security misery and killed Internet Explorer.
Well, except not really. IE is still buried in the guts of Windows, possibly excluding Windows 11 – possibly.
Varonis Labs revealed two Internet Explorer bugs, called LogCrusher and OverLog.
The bugs affect all supported versions of Windows except Windows 11.
The bugs exploit functions of the Microsoft Event Log Remoting Protocol (MS-EVEN). Windows has an API function that allows remote users to manipulate Windows event logs.
By default, non-administrative users cannot access event logs on other machines.
Except for the Internet Explorer log.
LogCrusher allows any domain user to remotely crash the event log service on any machine on the domain. Windows will try to restart the service twice and then it will shut down for 24 hours. No event log means that hackers can do whatever they want without being monitored.
OverLog uses a different bug to launch a remote denial of service attack by filling up the hard drive on any machine in the domain.
Microsoft has sort of issued the patch ONLY on Windows 10, but only for the IE event log. The researchers say this could be exploited with other event logs, possibly.
Forrester Research says that Microsoft fixed this specific bug and it requires someone to be a domain user and you should install it, but watch for suspicious activity.
Until you are running an operating system that does not have Internet Explorer buried in its guts, the legacy of IE will remain with us. Currently, the only OS that does not have IE in it is Windows 11.
Credit: CSO Online