Qualys Blog

www.qualys.com
wkandek

New 0-day Vulnerability in Internet Explorer

Update:

Microsoft published a Fix-it script that uses the appcompat Shim mechanism to counter the exploit and turn it into a crash rather than code execution.
  
Original:
Microsoft just made public advisory 2794220 for a new vulnerability that affects Internet Explorer 6, 7 and 8. Yesterday Fireeye had published a post on their blog describing an active attack on that vulnerability hosted on the Council of Foreign Relation’s (CFR) website, which they believe to have been active since Dec 21st. The attack on CFR’s site is targeted, works only against IE 8 and uses Adobe Flash to setup the environment necessary.

Internet Explorer 9 or 10 are not affected by this vulnerability and upgrading to these versions of IE is a good option for individual users. IT admins that cannot up[garde that fast, should take a look at the EMET toolkit which Microsoft has been listing as a defensive workarounds for this attack and as well as the last IE 0-day in September (2757760). 
Microsoft’s SRD blog post goes over the technical details of the current attacks and provides some insight how the attackers circumvent IE’s built-in protection mechanisms by using a components from Flash, Java and Office.

Leave a Reply