Microsoft Security Alert: Vulnerability in Internet Explorer Could Allow Remote Code Execution

Microsoft is continuing its investigation of public reports of attacks against a new vulnerability in Internet Explorer.

Here is what Microsoft has to say:

Our investigation so far has shown that these attacks are only against Windows Internet Explorer 7 on supported editions of Windows XP Service Pack 2, Windows XP Service Pack 3, Windows Server 2003 Service Pack 1, Windows Server 2003 Service Pack 2, Windows Vista, Windows Vista Service Pack 1, and Windows Server 2008. Microsoft Internet Explorer 5.01 Service Pack 4, Microsoft Internet Explorer 6 Service Pack 1, Microsoft Internet Explorer 6, and Windows Internet Explorer 8 Beta 2 on all supported versions of Microsoft Windows are potentially vulnerable.

The vulnerability exists as an invalid pointer reference in the data binding function of Internet Explorer. When data binding is enabled (which is the default state), it is possible under certain conditions for an object to be released without updating the array length, leaving the potential to access the deleted object's memory space. This can cause Internet Explorer to exit unexpectedly, in a state that is exploitable.

At this time, we are aware only of limited attacks that attempt to use this vulnerability against Windows Internet Explorer 7. Our investigation of these attacks so far has verified that they are not successful against customers who have applied the workarounds listed in this advisory. Additionally, there are mitigations that increase the difficulty of exploiting this vulnerability.

We are actively working with partners in our Microsoft Active Protections Program (MAPP) and our Microsoft Security Response Alliance (MSRA) programs to provide information that they can use to provide broader protections to customers. In addition, we’re actively working with partners to monitor the threat landscape and take action against malicious sites that attempt to exploit this vulnerability.

We are actively investigating the vulnerability these attacks attempt to exploit. We will continue to monitor the threat environment and update this advisory if this situation changes. On completion of this investigation, Microsoft will take the appropriate action to protect our customers, which may include providing a solution through a service pack, our monthly security update release process, or an out-of-cycle security update, depending on customer needs.

Microsoft continues to encourage customers to follow the "Protect Your Computer" guidance of enabling a firewall, applying all software updates and installing anti-virus and anti-spyware software. Additional information can be found at Security at home.

Mitigating Factors:

• Protected Mode in Internet Explorer 7 and Internet Explorer 8 in Windows Vista limits the impact of the vulnerability.

• By default, Internet Explorer on Windows Server 2003 and Windows Server 2008 runs in a restricted mode that is known as Enhanced Security Configuration. This mode sets the security level for the Internet zone to High. This is a mitigating factor for Web sites that you have not added to the Internet Explorer Trusted sites zone.

•An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less affected than users who operate with administrative user rights.

•Currently known attacks cannot exploit this issue automatically through e-mail.

Click Here For The Advisory Statement.

Utility SCE Completes Massive Installation Of Solar Rooftop Project, Will The Rest Of U.S. Follow?

Rosemead, Calif. - Southern California Edison (SCE) announced Monday that it has completed the first of its proposed 150 solar photovoltaic installations on Southern California commercial rooftops.

The project could eventually cover two square miles of existing commercial roofs with 250 million watts of peak generating capacity – equivalent to building several utility-scale solar power plants.

During recent months, the 600,000-square-foot Fontana, Calif., distribution warehouse roof selected as the first installation site has been fitted with 33,700 advanced thin-film solar panels making it the largest single rooftop solar photovoltaic array in California. The facility now generates enough power during peak output conditions to meet the needs of approximately 1,300 Inland Empire homes.

SCE officials also announced today the choice of their next solar installation site. The utility will begin construction soon atop a 458,000-square-foot industrial building in Chino, Calif., owned by the Multi-Employer Property Trust, and advised by Kennedy Associates.

Additionally, the utility announced that the solar panel supplier for the Fontana installation – First Solar of Tempe, Ariz. – is once again the winning bidder for the utility’s second installation. Decisions have not been made on other building sites.

SCE’s renewable energy project, being called a solar power game changer because of its unprecedented scope and consumer price benefits, was prompted by advances in solar technology that reduce the cost of installed photovoltaic generation to approximately half that of current similar installations.

Additionally, the utility hopes to fill a gap it has observed in current rooftop solar projects in the state – mid-range one- to two-megawatt installations.

SCE anticipates its solar power project will create new jobs in Southern California in the solar industry. The International Brotherhood of Electrical Workers, one of SCE’s project partners, is supporting the project through the expansion of its solar installation apprentice training program.

The utility received its first regulatory response to the project on Sept. 18, 2008, when the California Public Utilities Commission authorized the recording of costs for the first three installations while SCE awaits regulatory review and response to the entire $875 million project due in March 2009.

An Edison International (NYSE:EIX) company, Southern California Edison is the largest electric utility in California, serving a population of more than 13 million via 4.8 million customer accounts in a 50,000-square-mile service area within Central, Coastal and Southern California.

How it Works?

Solar panels are made of materials that convert sunlight directly into electricity through a chemical process. Thin semiconductor layers form an electric field, positive on one side and negative on the other side. When sunlight strikes the semiconductor, electrons are knocked loose from the atoms of the material creating the current. Wires are attached to the positive and negative sides to carry the electricity from the cell to the device to be powered. (Source: SCE)


Click Here For Press Release.