Microsoft has issued a security warning for users of the Internet Explorer browser.
The exploit affects versions 6 through 11 of the Internet Explorer, which makes up some 25 percentage of all web browsers used. Microsoft has issued multiple blog posts since the vulnerability, recorded as Security Advisory 2963983 , was reported on April 25, 2014. Users are advised to download the Microsoft Enhanced Mitigation Experience Toolkit (EMET) as a short term solution to the issue. Disabling VML and Flash is also recommended until a solution to the problem can be provided.
Security group FireEye, published a blog post on the exploit explaining how the exploit works; but declined to release details about the current campaign of malicious attacks using it for fear of triggering copycat attacks. However, FireEye has pointed out that the group behind the 0day exploit are “extremely proficient at lateral movement and are difficult to track, as they typically do not reuse command and control infrastructure”.
The vulnerability is a “use-after-free” memory corruption and the exploit observed seems to target IE9, IE10 and IE11. While the vulnerability affects Internet Explorer, the exploit relies deeply on two other components to successfully trigger code execution and in particular it requires presence VML and Flash components;
For more information about what to do while waiting for a patch, click here.
Also, given the current details shared by FireEye, they believe that the exploit can be also mitigated by:
– Disable VML in IE.
– Run Internet Explorer in “Enhanced Protected Mode” configuration and 64-bit process mode, which is available for IE10 and IE11.
Aside from using the workarounds for Internet Explorer NextSys immediately recommends that users use alternate browsers such as Firefox, Google chrome, Safari, etc. until Microsoft release an official patch which is scheduled for May 09, 2014.
Leave A Comment