Workaround for zero day Internet Explorer flaw


Workaround for zero day Internet Explorer flaw

Cliff Saran

Microsoft has rushed out a workaround for a zero-day exploit affecting the Internet Explorer web browser.

In Security Advisory 2488013, Microsoft warned users of a new publicly-disclosed vulnerability in Internet Explorer (IE).

On its TechNet blog, Microsoft said, "This vulnerability affects all versions of IE. Exploiting this vulnerability could lead to unauthorised remote code execution inside the iexplore.exe process."

Microsoft said that the Metasploit open source penetration testing project published an exploit for the vulnerability using a known technique to evade ASLR (Address Space Layout Randomization) and bypass DEP (Data Execution Prevention) which are used to prevent rogue code from contaminating IE.

IE uses dynamic linked libraries (DLLs) to render certain types of internet content. Some of these support ASLR and cannot be attacked, but IE allows non ASLR DLLs to run. These DLLs run in specific memory locations and can be targeted by hackers.

According to Paul Ducklin, head of technology at Sophos, a good work-around is to use Microsoft's Enhanced Mitigation Experience Toolkit (EMET).

"With this tool, you can force named applications to perform ASLR on every DLL they load, whether the DLL wants it or not. This makes it very much less likely that a remote exploit based on hard-wired addresses will succeed," he wrote on the NakedSecurity blog.

Email Alerts

Register now to receive IT-related news, guides and more, delivered to your inbox.
By submitting your personal information, you agree to receive emails regarding relevant products and special offers from TechTarget and its partners. You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.

COMMENTS powered by Disqus  //  Commenting policy