Contact Us Today! (215) 853-2266

Bardissi Enterprises Blog

Bardissi Enterprises has been serving the Hatfield area since 2000, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.
Font size: +
Subscribe to this blog post
Print

Install IE FixIT to Avoid Zero Day Attack

IT Blog
0 Comments

Summary:

  • This vulnerability affects: Probably all current versions of Internet Explorer (IE), but the targeted exploit only affects IE 8 and 9
  • How an attacker exploits it: By enticing one of your users to visit a web page containing malicious content
  • Impact: In the worst case, an attacker can execute code on your user’s computer, potentially gaining complete control of it
  • What to do: Apply Microsoft’s IE FixIt, or consider the other workarounds below

Exposure:

Today, Microsoft released a critical out-of-cycle security advisory warning customers of a serious new zero day vulnerability affecting Internet Explorer (IE), which attackers are currently exploiting in the wild. The flaw likely affects all current versions of IE (6-11), but Microsoft claims the targeted attack only goes after IE 8 and 9 users.

The early advisory doesn’t describe the vulnerability in much technical detail, but what it does describe sounds very much like a  “use after free” vulnerability involving the way IE handles certain HTML objects. Regardless of the technical details, the scope and impact is the same. If an attacker can lure you to a web site containing malicious code (including a legitimate web site which may have been hijacked and booby-trapped), he could exploit this vulnerability to execute code on your computer, with your privileges.  As always, if you have local administrator privileges, the attacker could exploit this issue to gain complete control of your computer.

A remote code execution vulnerability is bad enough in theory, but knowing attackers found this one first, and are already exploiting it in the wild makes this flaw a pretty critical issue. The good news is Microsoft has released a FixIt to mitigate the risk of this flaw. We highly recommend you apply that FixIt, and also consider the other protective workarounds mentioned below.

Solution Path:

Since this vulnerability was first discovered in the wild, Microsoft has not yet had time to release a patch. However, they have released a FixIt workaround to temporarily mitigate the attack. If you use IE, I recommend you apply the FixIt immediately.

It’s important to note FixIts are temporary workarounds. They don’t replace full patches. We expect Microsoft to release a full patch for this flaw in the future, perhaps even in an out-of-cycle IE bulletin this month.

Finally, though the FixIt prevents attackers from exploiting this issue, we also offer a few other workarounds below. Some of these tips can help mitigate many web-based, memory-related vulnerabilities, so you might consider making them your regular practice:

  • Temporarily use a different web browser - I’m typically not one to recommend one web browser over another, as far as security is concerned. They all have had vulnerabilities. However, this is a fairly serious issue.  So you may want to consider temporarily using a different browser until Microsoft patches.
  • Install Microsoft EMET - EMET is an optional Microsoft tool that adds additional memory protections to Windows. I described EMET in a previous episode of WatchGuard Security Week in Review. EMET is a fairly complex tool, so I only recommend it to more advanced administrators. Nonetheless, installing it could help protect your computer from many types of memory corruption flaws, including this one.
  • Configure Enhanced Security Configuration mode on Windows Servers - Windows Servers in Enhanced Security Configuration mode are not vulnerable to this attack.
  • Make sure your AV and IPS is up to date - While not all IPS and AV systems have signatures for all these attacks yet, they will in the coming days. Be sure to keep your AV and IPS systems updating regularly, to get the latest protections.

For All WatchGuard Users:

Our IPS signature team belongs to the Microsoft Active Protections Program (MAPP). According to their advisory, Microsoft is sharing information about this attack with MAPP partners now. Due to this partnership, we’ll likely have a signature for this attack shortly. Regardless, we still highly recommend you apply Microsoft’s FixIt to protect your users.

Status:

Microsoft has released a FixIt to mitigate the issue. They plan on releasing a full patch in the future.

References:

Tweet
 

Comments

No comments made yet. Be the first to submit a comment
Already Registered? Login Here
Guest
Tuesday, 16 December 2025
If you'd like to register, please fill in the username, password and name fields.

Captcha Image

Blog Categories

Mobile? Grab this Article!

QR-Code dieser Seite

Blog Archive

2023
2022
2021
2020
2019
2018
2017
2016
2015
2014
2013
2012
2011
2010
2009
2008
2007
2006

Recent Comments

Tip of the Week: Which Headphones are Right for Your Needs?
23 April 2018
I will recommend Plantronics Backbeat Pro 2 SE Noise cancelling Headset with it's Great features.
Gamification: Make Business Fun for Everyone
27 January 2017
The world is based on the games. There are many types of games as per the aussie essay writing servi...
Let's Talk Tablets
12 January 2017
The concept of tablet is far better than that of PC because you can bring them with you everywhere a...
Tip of the Week: Tweak Your Workday in These 4 Ways and See Major Results
12 January 2017
The only thing will I will say regarding this blog is that it is very helpful at least for me. As I ...
WatchGuard Releases Version 10.2.7 for WSM, Edge, Fireware, and Fireware Pro
23 December 2016
I really needed to know about the fireware but i was confused that where can i find information abou...