It’s unusual to see a report come through on the weekend, but based on how quickly communication has been ramped-up, this one is serious enough to warrant some weekend work since this exploit successfully bypasses both ASLR and DEP protection schemes.
A new zero-day flaw is being reported that affects Internet Explorer versions 6 through 11, with IE9 through IE11 being actively targeted. When enacted, the vulnerability has the potential to take over the computer. Of course, as with the majority of vulnerabilities like this, it assumes the capabilities of the logged on user, which means if a user has administrative rights to the computer, the exploit will enjoy full control. I can’t reiterate enough that administrative rights for normal users is a no-no and cases like this should be enough to convince management to revoke administrative rights across the board.
Microsoft is working on a fix, however, it’s important to keep in mind that whatever patch comes available, it will not cover Windows XP. By all appearances, this is a serious flaw, and will be a first major test for unpatched Windows XP computers. The fix, once issued, will not be available publicly for Windows XP. In essence, Windows XP will vulnerable to this flaw, well, forever.
Here’s the applicable information about this new zero-day flaw:
Microsoft Security Advisory 2963983
More Details about Security Advisory 2963983 IE 0day
The flaw uses a hole in Adobe Flash. For workarounds, Microsoft is promoting EMET (both 4.1 and the 5.0 technical preview) with a specific configuration and also suggesting disabling VML in Internet Explorer and running IE in "Enhanced Protected Mode" which wasn't introduced until IE10. FireEye goes on to suggest disabling the Flash plugin in IE.
FireEye has been attributed to identifying many zero-day exploits over the past several months, and is working with Microsoft on this one to help develop a solution. Both companies are being careful about going in depth about how the expoit actually works, hoping to ward off copycat hackers. Of course, it goes without saying that, though Flash is used everyday around the web, its still a high target for hackers. Adobe-developed products continue to top the list of vulnerabilities enjoyed by hackers and malware writers month after month.
