Microsoft CVE-2017-0064: Internet Explorer Security Feature Bypass Vulnerability
Description
A security feature bypass vulnerability exists in Internet Explorer that allows for bypassing Mixed Content warnings. This could allow for the loading of unsecure content (HTTP) from secure locations (HTTPS). In a web-based attack scenario, an attacker could host a malicious website that is designed to exploit the security feature bypass. Alternatively, in an email or instant message attack scenario, the attacker could send the targeted user a specially crafted .url file that is designed to exploit the bypass. Additionally, compromised websites or websites that accept or host user-provided content could contain specially crafted content to exploit the security feature bypass. However, in all cases an attacker would have no way to force a user to view attacker-controlled content. Instead, an attacker would have to convince a user to take action. For example, an attacker could entice a user to either click a link that directs the user to the attacker's site or send a malicious attachment. The security update addresses the security feature bypass by correcting how Internet Explorer handles mixed content.
Solution(s)
- msft-kb4016871-3f4526c4-d3ec-486a-a7ef-8d1987905310
- msft-kb4016871-cf89e515-56cd-4e4f-b5ca-31b3ea1e81b3
- msft-kb4018271-029e80a0-c3e7-476a-addc-6e2ee9272652
- msft-kb4018271-0a3c5e93-f2e0-4fe4-ac13-9441352d889d
- msft-kb4018271-0c21eb41-41c8-4ac8-b74a-a1ac940cbd19
- msft-kb4018271-0faa8bb3-23ab-4ac8-a402-95bbc12436b1
- msft-kb4018271-1020be2e-6910-4095-8cf2-b398122140f7
- msft-kb4018271-2f764af7-543b-497c-ad07-3d138623d5ba
- msft-kb4018271-5a278124-59da-4b37-8aed-3b4b30c8e7fb
- msft-kb4018271-5d605b9b-72ae-4578-91ce-dddd6bef7495
- msft-kb4018271-6343f284-77e8-4582-a7dd-4c75bf4142d1
- msft-kb4018271-665889ee-a56a-4419-b8b9-1cdafb5a3312
- msft-kb4018271-69f163b7-883a-485d-b619-923a0755f630
- msft-kb4018271-7e224737-81c5-4c04-a994-7b4d7e0149cc
- msft-kb4018271-7f0872af-8e3b-43fa-9fc0-dc1bc0c355bf
- msft-kb4018271-8eb29486-0deb-4e53-8f2b-285bf4fa572a
- msft-kb4018271-9a275ac7-f790-440d-a338-82a2c5f7185a
- msft-kb4018271-9a70ddbf-abb3-43b1-a967-aa75b6f220bd
- msft-kb4018271-a1e888ba-0d97-4c09-a4d1-3b0e37f1c027
- msft-kb4018271-b2ab07b5-9772-47ae-af01-9908f62f3878
- msft-kb4018271-b8d7147a-0628-44ac-9bd7-f03502930148
- msft-kb4018271-c1712990-5efa-443a-ad6b-f9ff7d320c4d
- msft-kb4018271-c37a095f-74ee-459a-b099-c51ab0cd7741
- msft-kb4018271-d046cb70-a1e8-4c4a-9d0e-0189fe9b17ce
- msft-kb4018271-dcdb7285-422f-49fd-8b02-7c857f8fbb65
- msft-kb4018271-de1c2774-3cb6-4519-bfab-389a84034622
- msft-kb4018271-e23c5f53-891d-4389-afd7-f2e8725c04cb
- msft-kb4018271-e6fd0bc9-4fdb-4967-9825-cecec4c14fa0
- msft-kb4018271-ebee7d44-6fcc-44ac-b831-408a65b37058
- msft-kb4019472-95ff788a-8fe4-4584-bfca-7051b92405b2
- msft-kb4019472-970dc0b3-07a2-4434-8df0-9008dcdc9f36
- msft-kb4019472-bf47cd35-d39a-426f-8884-ffcd8bd9c49a
- msft-kb4019473-55f05839-b358-4f0d-bcef-683de665b62c
- msft-kb4019473-e7400165-c486-4e3e-aabc-24d04ef1dbe6
- msft-kb4019474-15928377-0964-4b80-9021-1ab7230cc690
- msft-kb4019474-6964cf08-89cf-4a95-ace6-fdb7a423c09c
- Lightweight Endpoint Agent
- Live Dashboards
- Real Risk Prioritization
- IT-Integrated Remediation Projects
- Cloud, Virtual, and Container Assessment
- Integrated Threat Feeds
- Easy-to-Use RESTful API
- Automation-Assisted Patching
- Automated Containment
With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.
– Scott Cheney, Manager of Information Security, Sierra View Medical Center