Only a few weeks after Heartbleed hit the Internet by storm, reports of another serious zero-day vulnerability are starting to circulate within the security community.

Over the weekend Microsoft released Security Advisory 2963983, which details a new remote code execution vulnerability impacting ALL versions of Internet Explorer (IE6-IE11). Microsoft is aware of “limited, targeted attacks that attempt to exploit the vulnerability.” The company is currently investigating public reports of the vulnerability and it has yet to publicize details to the reserved CVE-2014-1776 but there are steps organizations can take to protect against this threat.

Impact

An attacker who successfully exploited this vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

Affected Internet Explorer Versions

The vulnerability affects ALL versions of Microsoft Internet Explorer (IE6-IE11).

Recommendation

Initial investigations reveal that Enhanced Protected Mode, as well as Enhanced Mitigation Experience Toolkit (EMET) 4.1 and EMET 5.0 Technical Preview, will help protect against this threat. As always, we encourage everyone to exercise caution when visiting websites and avoid clicking suspicious links, or opening email messages from unfamiliar senders.

Microsoft has also suggested workaround actions that organizations should consider implementing. Workarounds refer to a setting or configuration change that does not correct the underlying issue but help block known attack vectors before a security update is available.

For more details on Microsoft’s suggested workarounds, please visit: https://technet.microsoft.com/en-US/library/security/2963983#ID0EUFAC

Workarounds

  • Deploy the Enhanced Mitigation Experience Toolkit 4.1
  • Set Internet and Local intranet security zone settings to “High” to block ActiveX Controls and Active Scripting in these zones
  • Configure Internet Explorer to prompt before running Active Scripting or to disable Active Scripting in the Internet and Local intranet security zone
  • Unregister VGX.DLL
  • Modify the Access Control List on VGX.DLL to be more restrictive
  • Enable Enhanced Protected Mode For Internet Explorer 11 and Enable 64-bit Processes for Enhanced Protected Mode

References