Microsoft is investigating reports of a newly-found vulnerability in the Internet Explorer browser software that could cause malicious code to be downloaded and executed. FireEye Research Labs spotted the vulnerability, researched the method of attack and reported on it Saturday, April 26th. Microsoft made an official announcement about it that day, along with details about who is vulnerable and what steps can be taken to reduce or remove the vulnerability entirely.
The vulnerability is present in Internet Explorer versions 6-11, though the specific exploit seems to be targeting IE 9-11. FireEye Research Labs report that the primary method used to exploit the vulnerability lies in Flash and Microsoft’s Virtual Markup Language, when a specially-crafted SWF file is viewed in the targeted browsers. The exploit can result in the attacker gaining the same user rights as the current user on the system. If the current user was the admin, the attacker could possibly gain full control of the affected computer.
Certain versions of Internet Explorer are immune to this attack. Windows Server versions of Internet Explorer typically run under a restricted mode called Enhanced Security Configuration which blocks this vulnerability. Outlook, Outlook Express and Windows Mail all open HTML messages in Restricted Sites mode in Internet Explorer, which doesn’t allow ActiveX or Javascript to run in a mail message, also blocking the vulnerability.
There are also a few things users can do to remove the vulnerability:
-Deploy the Enhanced Mitigation Experience Toolkit 4.1. This is a Microsoft security toolkit that can prevent many kinds of vulnerabilities. It needs to be configured to work with Internet Explorer.
-Set Internet and Local intranet security zone settings to “High” to block ActiveX Controls and Active Scripting in these zones.
-Configure Internet Explorer to prompt before running Active Scripting or to disable Active Scripting in the Internet and Local intranet security zone.
-Unregister VGX.DLL. Modify the Access Control List on VGX.DLL to be more restrictive –
-Enable Enhanced Protected Mode For Internet Explorer 10-11 and Enable 64-bit Processes for Enhanced Protected Mode.
-Disable Flash plugin within Internet Explorer.
More details about this vulnerability and preventative measures can be found at: https://technet.microsoft.com/library/security/2963983
