October 22, 2014

Microsoft releases security advisory about zero day vulnerability in IE

(LiveHacking.Com) – I wrote yesterday about a new zero-day vulnerability in Internet Explorer that was discovered by security researcher Eric Romang while he was monitoring some servers suspected of serving malware. He discovered four files which upon analysis turned out to be a zero-day vulnerability in Internet Explorer. As a response to these reports, Microsoft has published  Security Advisory 2757760 which confirms that the flaw exists in Internet Explorer 6, Internet Explorer 7, Internet Explorer 8, and Internet Explorer 9. Internet Explorer 10 is not affected. Microsoft also reports that there are targeted attacks, that attempt to exploit this vulnerability, happening in the wild.

The vulnerability leads to corrupt memory which can then allow an attacker to execute arbitrary code. It exists because of the way that Internet Explorer accesses an object that has been deleted or has not been properly allocated.

“On completion of this investigation, Microsoft will take the appropriate action to protect our customers, which may include providing a solution through our monthly security update release process, or an out-of-cycle security update, depending on customer need,” wrote Microsoft in a statement.

As this is a zero day vulnerability there is currently no fix, but Microsoft are recommending that users deploy the Enhanced Mitigation Experience Toolkit (EMET) to help to prevent a malicious website from successfully exploiting the vulnerability.

The advisory also details a full set of alternative workarounds, to deploying EMET, which include:

  • Set Internet and local intranet security zone settings to “High” to block ActiveX Controls and Active Scripting in these zones
    This will help prevent exploitation but may affect usability; therefore, trusted sites should be added to the Internet Explorer Trusted Sites zone to minimize disruption.
  •  Configure Internet Explorer to prompt before running Active Scripting or to disable Active Scripting in the Internet and local intranet security zones
    This will help prevent exploitation but can affect usability, so trusted sites should be added to the Internet Explorer Trusted Sites zone to minimize disruption.

 

Share and Enjoy:
  • Print
  • Digg
  • StumbleUpon
  • del.icio.us
  • Facebook
  • Yahoo! Buzz
  • Twitter
  • Google Bookmarks