Microsoft Warns of New Zero-Day Exploit Targeting Internet Explorer 6 through 11

by Istvan Fekete on April 28, 2014

“Microsoft is aware of limited, targeted attacks attempting to exploit a vulnerability in Internet Explorer 6, 7, 8, 9, 10, and 11,” states a security advisory for CVE-2014-1776 that Microsoft released late on Saturday.

FireEye Research Labs pointed to this new zero-day vulnerability, which is actively being exploited in a campaign they call “Operation Clandestine Fox”. The security research blog didn’t provide campaign details, but they believe this is a significant zero-day, as the vulnerable versions represent about 25% of the total browser market: Internet Explorer 13.9%; Internet Explorer 10, 11.04%; and Internet Explorer 11, 1.32%, according to NetMarket Share’s 2013 data.

“The vulnerability is a remote code execution vulnerability. The vulnerability exists in the way that Internet Explorer accesses an object in memory that has been deleted or has not been properly allocated. The vulnerability may corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user within Internet Explorer. An attacker could host a specially crafted website that is designed to exploit this vulnerability through Internet Explorer and then convince a user to view the website.”

So what can you do as a user to avoid the exploit? You can switch to Mozilla Firefox or Google Chrome … or maybe even Opera. But if you need to stick with Internet Explorer for some reason, the guys from FireEye say using EMET (Enhanced Mitigation Experience Toolkit) may break the exploit in your environment and prevent it from successfully controlling your computer.

“EMET versions 4.1 and 5.0 break (and/or detect) the exploit in our tests. Enhanced Protected Mode in IE breaks the exploit in our tests. EPM was introduced in IE10.
Additionally, the attack will not work without Adobe Flash. Disabling the Flash plugin within IE will prevent the exploit from functioning.”

And also: apply the software update as soon as it becomes available.
