
Internet Explorer Users Warned: New Zero-Day Exploit Discovered

Microsoft has issued a Security Advisory warning Internet Explorer users of a targeted attack which exploits a previously unknown flaw to allow remote code execution. According to FireEye, the security firm credited with discovering the attack, all versions of Internet Explorer (v6 – v11) are vulnerable, although currently only versions 9 – 11 are being actively targeted.

The exploit leverages a previously unknown use-after-free vulnerability, and uses a well-known Flash exploitation technique to achieve arbitrary memory access and bypass Windows’ ASLR and DEP protections.

Microsoft is yet to issue a patch for this vulnerability but, according to its advisory, is preparing to do so:

On completion of this investigation, Microsoft will take the appropriate action to protect our customers, which may include providing a solution through our monthly security update release process, or an out-of-cycle security update, depending on customer needs.

In the meantime, both FireEye and Microsoft have included methods in their reports which can be utilized to help mitigate the threat. Microsoft is urging IE users to download and install its Enhanced Mitigation Experience Toolkit (EMET). For more information on EMET and how it works I suggest reading through security expert Brian Krebs’ article here: Windows Security 101: EMET 4.0.

If the EMET solution appears a tad complex for less experienced users, FireEye has also included a couple of simple techniques which it claims “breaks the exploit”.

  • Enable Enhanced Protected Mode (only available in IE 10 & 11) – Internet Explorer>Tools>Internet Options>Advanced>Security


  • Disable the Adobe Flash plug-in, the attack will not work without Adobe Flash – Internet Explorer>Tools>Manage add-ons>Toolbars and Extensions>All add-ons


Operating from within a limited user account can also help limit any damage if the exploit does manage to get through. Of course, the simplest method is probably just to use an alternative browser, at least until Microsoft releases a patch.


UPDATE

Microsoft has now issued a security update to patch this vulnerability. The update will be delivered as per normal via Windows Updates – mine arrived several hours ago. This is a critical update, so if you haven’t enabled automatic updates, or performed a manual “check for updates”, now would be a good time to do so.


*XP USERS NOTE: Microsoft has also made this update available for XP.

 

About the author - Jim Hillier
Managing Editor/Contest Coordinator of Dave's Computer Tips - Jim is the resident freeware aficionado at DCT and a computer veteran with 30 years of experience. His first computer was a TRS-80 in the 1980s. He progressed through the Commodore series of computers before moving to PCs in the 1990s. Jim currently uses both Win7 and Win8. Jim has a passion for free software and hopes to share that passion with others during his tenure here!
 
Comments

Hi Jim, good info for IE users. I’m using Firefox in Ubuntu right now. Will have to see if I have the update. Do you recommend the Enhanced Mitigation Tool be downloaded and installed? Daniel.

Hi Daniel – That’s a tricky one, I would say generally, yes. Anyone who has a basic understanding of DEP would have no problem with EMET. Less experienced users may need to learn a little about DEP and whitelisting. However, in my opinion, that would be well worthwhile, after all, it’s the less experienced users who are often more at risk.

Cheers… Jim
