By Brenden Vaughan
A new zero-day exploit has been identified targeting a vulnerability in Microsoft’s Internet Explorer web browser, versions 9 and below, running on Windows XP, Vista and 7. Internet Explorer 10, which comes bundled with Windows 8, is not affected. The exploit could allow remote execution of malicious code from compromised websites.
Referred to as a “use-after-free” vulnerability, the flaw lies in the way that Internet Explorer accesses an object that has been deleted or improperly allocated. Memory can be corrupted in a way that allows a hacker to execute malicious code via the browser in the context of the current user. Through the use of websites specially designed to exploit this vulnerability, an attacker could deploy malicious payloads or assume control of a victim’s computer. At this time, the exploit has only been reported in a small number of targeted attacks, but that number could quickly grow.
Microsoft has not yet released a patch for the vulnerability, but has issued a security advisory outlining several steps that can be taken to prevent exploitation. It is recommended that users install the Enhanced Mitigation Experience Toolkit (EMET) and set the Internet and Local intranet security zone settings in Internet Explorer to ‘High’ in order to block ActiveX Controls and Active Scripting in these zones.
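As an added illustration (not part of Microsoft's advisory or of the original post), the following PowerShell reads the current user's Internet (zone 3) and Local intranet (zone 1) settings and reports whether the security level is High and whether ActiveX controls and Active Scripting are disabled. It assumes PowerShell 3.0 or later and zones that are not managed by Group Policy; the function names are illustrative.

```powershell
# Added example: per-user check of the two zones named in the advisory.
# Assumption: zone settings come from the current user's hive, not Group Policy.
$ZoneRoot = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones'
$Zones    = @{ 1 = 'Local intranet'; 3 = 'Internet' }
$Actions  = @{ '1200' = 'Run ActiveX controls and plug-ins'; '1400' = 'Active scripting' }
$High     = 0x12000   # CurrentLevel when the zone slider is set to High
$Disable  = 3         # URL-action value: 0 = enable, 1 = prompt, 3 = disable

function Get-ZoneSetting {
    param([int]$Zone, [string]$Name)
    $item = Get-ItemProperty -Path "$ZoneRoot\$Zone" -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }   # key or value not present
    return [int]$item.$Name
}

function Test-IEZoneHardening {
    foreach ($zone in ($Zones.Keys | Sort-Object)) {
        $level = Get-ZoneSetting -Zone $zone -Name 'CurrentLevel'
        [pscustomobject]@{
            Zone      = $Zones[$zone]
            Setting   = 'Security level'
            Value     = if ($null -eq $level) { 'not set' } else { '0x{0:X}' -f $level }
            Compliant = ($level -eq $High)
        }
        foreach ($id in ($Actions.Keys | Sort-Object)) {
            $v = Get-ZoneSetting -Zone $zone -Name $id
            [pscustomobject]@{
                Zone      = $Zones[$zone]
                Setting   = $Actions[$id]
                Value     = if ($null -eq $v) { 'not set' } else { $v }
                Compliant = ($v -eq $Disable)
            }
        }
    }
}

# One row per zone and setting; anything not Compliant is weaker than recommended.
$report = Test-IEZoneHardening
$report | Format-Table -AutoSize
if ($report.Compliant -contains $false) {
    Write-Warning 'At least one zone setting is weaker than the advisory recommends.'
}
```

The script only reads the registry, so it can be run as a standard user to confirm the settings took effect after changing the zone slider in Internet Options.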
While Microsoft’s current suggestions may help prevent the exploit, they may not be practical for all users. EMET is an advanced tool that can be complicated and can take time to deploy properly. The changes to the Internet Explorer security settings may also interfere with functionality on the web and could be inconvenient. It is also important to note that the suggested solutions have not yet been confirmed to be entirely effective. Fortunately, the exploit can be avoided by using an alternative web browser such as Google Chrome or Mozilla Firefox until a patch for the vulnerability is released.
It is also extremely important to have an active antivirus solution installed in case an attacker succeeds in using this vulnerability. Webroot SecureAnywhere users will be protected from most malware even if an exploit is successful.