Apr 29, 2014

Microsoft Internet Explorer Vulnerability

 


This weekend Microsoft confirmed the presence of an Internet Explorer vulnerability, as well as active attacks against this vulnerability, in every version of Internet Explorer.

This vulnerability could be used to silently install malicious software, without the knowledge or assistance of the end user, when the user simply browses to an infected site.

Microsoft is recommending that Internet Explorer users download and install their Enhanced Mitigation Experience Toolkit (EMET) version 4.1 along with other options.

However, it’s all a bit messy at the moment, since these are workarounds: as of 4/30/2014 (the date I wrote this amendment), Microsoft hasn’t developed a solution that addresses the root cause of the problem.

Option 1: Use an alternate browser until Microsoft issues a patch.

Updated 2nd Option (and probably the easiest if you don’t want to install stuff):  “Use Enhanced Protected Mode” – Note: Contrary to what some sites have claimed, this may not be on by default for the modern browsing experience in Internet Explorer 10 and Internet Explorer 11.  I checked it on two browsers and 2 out of 2 had this option disabled.  How to enable Enhanced Protected Mode (or check to ensure it’s enabled): Protection strategies for the Security Advisory 2963983 IE 0day (new link updated 4/30/14 – better describes the mitigation strategies Microsoft previously advised the public to perform)

3rd Option:  Download and install/configure the EMET 4.1 toolkit, which is provided here: http://www.microsoft.com/en-us/download/details.aspx?id=41138

4th Option (updated 4/30/14):  Block access to VGX.DLL – this file is a conduit for the attacks but not the root cause of the problem.  The attackers use this file to launch attacks, so if it’s blocked it can’t be utilized, and blocking VGX.DLL breaks a link in the chain the attack needs.  Not really my favorite, as this seems to be a bit messy in the long run when compared to the other solutions.

More information about EMET can be found here: http://support.microsoft.com/kb/2458544

As always, be mindful of your Internet surfing habits and the sites that you go to.

Do not click on links in unsolicited email or in email from people you do not know.

If you mouse over a link and the address that appears is different from what is presented on the screen, do not click on it, even if it is from someone you know.

Note:

Bad:  If you are using Windows XP, this vulnerability WILL NOT be fixed, as Microsoft is no longer supporting XP.  🙁

Good: Linux and UNIX users need not worry… 🙂

References:  http://arstechnica.com/security/2014/04/active-0day-attack-hijacking-ie-users-threatens-a-quarter-of-browser-market/

http://blogs.seattletimes.com/microsoftpri0/2014/04/28/cert-recommends-use-of-other-browsers-until-internet-explorer-vulnerability-patched/

http://blogs.technet.com/b/srd/archive/2014/04/30/protection-strategies-for-the-security-advisory-2963983-ie-0day.aspx
