Internet Explorer XSS Filter June Update to address SCRIPT tag

The XSS Filter related Blackhat EU presentation discussed a vulnerability that was previously disclosed and addressed in January security update to Internet Explorer (MS10-002). This attack scenario involved modified HTTP responses, enabling XSS on sites that wouldn’t otherwise be vulnerable. “An additional update to IE XSS Filter is currently scheduled for June, and will address […]

The XSS Filter related Blackhat EU presentation discussed a vulnerability that was previously disclosed and addressed in January security update to Internet Explorer (MS10-002). This attack scenario involved modified HTTP responses, enabling XSS on sites that wouldn’t otherwise be vulnerable. “An additional update to IE XSS Filter is currently scheduled for June, and will address a SCRIPT tag attack scenario described in Blackhat EU presentation. This issue manifests when malicious script can “break out” from within a construct already within an existing script block. While the issue identified and addressed in MS10-002 was identified to exist on high-profile web sites, thus far real-world examples of SCRIPT tag neutering attack scenario have been hard to come by. In case of IE XSS Filter, researchers found scenarios generally applicable across XSS filtering techs in all currently shipping browsers with this tech built-in. In MS10-002 and again in MS10-018, we took steps to mitigate this threat class and we’ll take the next major step in the June timeframe. Overall we maintain that it’s important to use a browser with an XSS Filter, as the benefits of protection from a large class of attacks outweigh the potential risks from vulnerabilities in most cases,” states MSRC.

[Source]