📄 الوصف (الإنجليزية)
Microsoft Internet Explorer and Edge Information Disclosure Vulnerability — An information disclosure vulnerability exists in the way that certain functions in Internet Explorer and Edge handle objects in memory. The vulnerability could allow an attacker to detect specific files on the user's computer.
🤖 ملخص AI
CVE-2016-3351 is a critical information disclosure vulnerability in Microsoft Internet Explorer and Edge that allows attackers to detect specific files on a user's computer by exploiting how certain functions handle objects in memory. This vulnerability has been actively exploited in the wild and was used by the AdGholas and GooNky malvertising campaigns to fingerprint victims before delivering exploit kits. With a CVSS score of 9.0 and confirmed exploit availability, this poses a significant risk to organizations still running legacy Internet Explorer or older Edge versions. Despite being patched in September 2016, unpatched legacy systems remain vulnerable.
📄 الوصف (العربية)
🤖 التحليل الذكي آخر تحليل: Apr 5, 2026 12:56
🇸🇦 التأثير على المملكة العربية السعودية
This vulnerability poses significant risk to Saudi organizations still running legacy Internet Explorer-based applications, which is common in government agencies and banking sectors. Saudi government portals (many integrated with NCA-regulated systems) and SAMA-regulated financial institutions that rely on legacy web applications using Internet Explorer are particularly at risk. Energy sector organizations including ARAMCO subsidiaries and contractors using older Windows systems with IE-based internal tools could be targeted for reconnaissance. Healthcare systems running legacy medical record applications through IE are also vulnerable. The information disclosure nature of this vulnerability makes it a precursor to more severe attacks, enabling adversaries to profile Saudi targets before deploying advanced exploits.
🏢 القطاعات السعودية المتأثرة
Government
Banking
Energy
Healthcare
Telecom
Education
⚖️ درجة المخاطر السعودية (AI)
7.5
/ 10.0
🔧 Remediation Steps (English)
Immediate Actions:
1. Apply Microsoft Security Bulletin MS16-104 (for Internet Explorer) and MS16-105 (for Edge) immediately on all affected systems
2. Audit all systems for Internet Explorer usage and identify legacy applications requiring IE
3. Migrate users from Internet Explorer to modern browsers (Chrome, Firefox, or Chromium-based Edge)
Patching Guidance:
- Deploy KB3185319 (IE cumulative update) and KB3185611 (Edge cumulative update) from September 2016
- Ensure all subsequent cumulative updates have been applied as this is a legacy vulnerability
- Verify patch status using WSUS, SCCM, or vulnerability scanning tools
Compensating Controls:
- Implement web content filtering to block known malvertising domains
- Enable Enhanced Protected Mode in Internet Explorer
- Deploy application whitelisting to prevent unauthorized code execution
- Use network segmentation to isolate systems requiring legacy IE
Detection Rules:
- Monitor for unusual MIME type handling in IE/Edge processes
- Deploy IDS/IPS signatures for known exploit kit traffic patterns associated with AdGholas
- Monitor for suspicious file enumeration activities from browser processes
- Alert on IE/Edge processes accessing unusual file system paths
🔧 خطوات المعالجة (العربية)
الإجراءات الفورية:
1. تطبيق نشرة أمان مايكروسوفت MS16-104 (لـ Internet Explorer) و MS16-105 (لـ Edge) فوراً على جميع الأنظمة المتأثرة
2. مراجعة جميع الأنظمة لاستخدام Internet Explorer وتحديد التطبيقات القديمة التي تتطلب IE
3. نقل المستخدمين من Internet Explorer إلى متصفحات حديثة
إرشادات التصحيح:
- نشر التحديث التراكمي KB3185319 (لـ IE) و KB3185611 (لـ Edge) من سبتمبر 2016
- التأكد من تطبيق جميع التحديثات التراكمية اللاحقة
- التحقق من حالة التصحيح باستخدام أدوات WSUS أو SCCM أو أدوات فحص الثغرات
الضوابط التعويضية:
- تنفيذ تصفية محتوى الويب لحظر نطاقات الإعلانات الخبيثة المعروفة
- تفعيل وضع الحماية المحسن في Internet Explorer
- نشر القوائم البيضاء للتطبيقات لمنع تنفيذ التعليمات البرمجية غير المصرح بها
- استخدام تجزئة الشبكة لعزل الأنظمة التي تتطلب IE القديم
قواعد الكشف:
- مراقبة التعامل غير المعتاد مع أنواع MIME في عمليات IE/Edge
- نشر توقيعات IDS/IPS لأنماط حركة مرور أدوات الاستغلال المعروفة
- مراقبة أنشطة تعداد الملفات المشبوهة من عمليات المتصفح
📋 خريطة الامتثال التنظيمي
🟢 NCA ECC 2024
2-3-1 (Patch Management)
2-5-1 (Vulnerability Management)
2-2-1 (Asset Management)
2-6-1 (Network Security)
🔵 SAMA CSF
3.3.3 (Patch Management)
3.3.4 (Vulnerability Management)
3.1.1 (Cybersecurity Risk Management)
3.3.7 (Web Security)
🟡 ISO 27001:2022
A.8.8 (Management of technical vulnerabilities)
A.8.9 (Configuration management)
A.8.23 (Web filtering)
A.8.7 (Protection against malware)
🟣 PCI DSS v4.0
6.3.3 (Install critical security patches within one month)
6.2 (Protect system components from known vulnerabilities)
5.2 (Detect and protect against malicious software)
11.2 (Run vulnerability scans)
🔗 المراجع والمصادر 0
لا توجد مراجع.
📦 المنتجات المتأثرة 1 منتج
Microsoft:Internet Explorer and Edge