Microsoft Zero-Day IE Flaw Being Actively Exploited

Microsoft released a security advisory on Monday to address a zero-day vulnerability found in Internet Explorer 9 and earlier versions.

The flaw, which was publicly disclosed by security firm Rapid7 Monday morning, can be exploited against users running Internet Explorer on Windows XP, Vista and Windows 7.

"Computers can get compromised simply by visiting a malicious website, which gives the attacker the same privileges as the current user," wrote Rapid7 exploit developer "sinn3r".

The researcher responsible for the discovery, Eric Romang, tested the Internet Explorer flaw on a system running an up-to-date Windows XP SP3. However, he confirmed that Windows 8 (preview versions and RTM versions) is the only Microsoft OS that is not vulnerable to the hack. Also, the test version of Internet Explorer 10 is not vulnerable to attack.

Microsoft confirmed in its security advisory that it "is aware of targeted attacks that attempt to exploit this vulnerability" and is actively investigating the disclosure. However, Microsoft did not provide statistics on the number or rate of exploitations.

According to security researchers, the active attacks have used the Poison Ivy backdoor Trojan kit -- the same toolkit that was used in the recent Java zero-day attacks.

While the company did not say if or when a security update would arrive, Microsoft's Yunsun Wee of the Trustworthy Computing Group outlined a temporary workaround, which includes deploying the Enhanced Mitigation Experience Toolkit (EMET), setting Internet security zones to "high" and disabling Active Scripting before using Internet Explorer.

Andrew Storms, nCircle's director of security operations, commented in a blog post that Microsoft's workaround may not be enough to protect a system from attack. "EMET is a great tool, but at this point, it's not clear that EMET blocks every attack vector," wrote Storms. "If you haven't already deployed this toolkit, it's a great time to think about it, but not a great time to do so in a hurry."

Storms also said he believes that Microsoft will not wait until next month's security update to release a fix.

Rapid7 also provided its own workaround that does not involve EMET: "Since Microsoft has not released a patch for this vulnerability yet, Internet users are strongly advised to switch to other browsers, such as Chrome or Firefox, until a security update becomes available," wrote "sinn3r".

 

About the Author

Chris Paoli is the site producer for Redmondmag.com and MCPmag.com.
