Microsoft has confirmed a new zero-day vulnerability found in Internet Explorer. The vulnerability (CVE-2014-1776) affects ALL versions of Internet Explorer 6 through Internet Explorer 11.
Microsoft’s issued security advisory 2963983 report yesterday, April 26, acknowledging the vulnerability and that it is begin used for targeted attacks. The current attack campaigns are targeting Internet Explorer 9 through Internet Explorer 11.
According to Microsoft’s security report Internet Explorer is vulnerable to arbitrary code execution by the “way that Internet Explorer accesses an object in memory that has been deleted or has not been properly allocated.” Microsoft stated. The vulnerability allows an attacker to corrupt and execute arbitrary code into the browser. The attacker could corrupt the memory by hosting fake campaigns, along with numerous other methods of attack.
Microsoft is working with security firm Fireeye and has dubbed the ongoing campaigns “Operation Clandestine Fox”.
Fireeye security experts noted if an attacker successfully corrupts the memory, the attacker will gain the same amount of user access the host has. Exploits as such are huge security risks in business environments.
Internet Explorer Vulnerability Replying On Flash
Security researchers have stated there is no current security patch available for this vulnerability. Fireeye reported “in 2013, the vulnerable versions of IE accounted for 26.25% of the browser market”.
Steps to Protect yourself from the Zero Day Vulnerability
As Microsoft is working on a patch and has not noted when the update will be, the next installment could be Tuesday, May 14, 2014. However security analysts note the following tips to protect yourself.
Install Enhanced Mitigation Experience Toolkit (EMET 4.1), a free program that helps prevent vulnerabilities in software from being successfully exploited.
You can protect yourself against exploitation by changing your settings for the Internet security zone to block ActiveX controls and Active Scripting.
- Tools > Internet Options > Security > Internet > Custom Level > Under Scripting Settings > Disable Active Scripting
- Under Local intranet’s Custom Level Settings > Disable Active Scripting
If you are using Internet Explorer 10 or a higher version, enable Enhanced Protected Mode to protect your browser against the zero-day exploit.
The Internet Explorer update will not work without Adobe Flash, so users are currently being advised to disable the Adobe Flash plugin within IE.
De-Register VGX.dll (VML parser) file, which is responsible for rendering of VML (Vector Markup Language) code in web pages, in order to prevent exploitation. Run the following command:
- regsvr32 -u “%CommonProgramFiles%\Microsoft Shared\VGX\vgx.dll”