Microsoft Zero-Day IE Flaw Being Actively Exploited

Microsoft released a security advisory on Monday to address a zero-day vulnerability found in Internet Explorer 9 and earlier versions.

The flaw, which was publicly disclosed by security firm Rapid7 Monday morning, can be exploited against users running Internet Explorer on Windows XP, Vista and Windows 7.

"Computers can get compromised simply by visiting a malicious website, which gives the attacker the same privileges as the current user," wrote Rapid7 exploit developer "sinn3r".

The researcher responsible for the discovery, Eric Romang, tested the Internet Explorer flaw on a system running an up-to-date Windows XP SP3. However, he confirmed that Windows 8 (preview versions and RTM versions) is the only Microsoft OS that is not vulnerable to the hack. Also, the test version of Internet Explorer 10 is not vulnerable to attack.

Microsoft confirmed in its security advisory that it "is aware of targeted attacks that attempt to exploit this vulnerability" and is actively investigating the disclosure. However, Microsoft did not provide statistics on the number or rate of exploitations.

According to security researchers, the active attacks have used the Poison Ivy backdoor Trojan kit -- the same toolkit that was used in the recent Java zero-day attacks.

While the company did not give a timetable for if and when a security update would arrive, Microsoft's Yunsun Wee of the Trustworthy Computing Group outlined a temporary workaround, which includes deploying the Enhanced Mitigation Experience Toolkit (EMET), setting Internet security zones to "high" and disabling Active Scripting before using Internet Explorer.

Andrew Storms, nCircle's director of security operations, commented in a blog post that Microsoft's workaround may not be enough to protect a system from attack. "EMET is a great tool, but at this point, it's not clear that EMET blocks every attack vector," wrote Storms. "If you haven't already deployed this toolkit, it's a great time to think about it, but not a great time to do so in a hurry."

Storms also said he believes that Microsoft will not wait until next month's security update to release a fix.

Rapid7 also provided its own workaround that does not involve EMET: "Since Microsoft has not released a patch for this vulnerability yet, Internet users are strongly advised to switch to other browsers, such as Chrome or Firefox, until a security update becomes available," wrote "sinn3r".

About the Author

Chris Paoli is the site producer for Redmondmag.com and MCPmag.com.
