Solutions to Microsoft Internet Explorer Zero-day vulnerabilities not necessarily effective

Despite widespread news of the zero-day vulnerability in Internet Explorer, Microsoft has not yet released a patch for the exposure (although it has announced that it would). Instead it has issued a security advisory outlining several steps that can be taken to prevent it.

This new vulnerability exploit affects Internet Explorer web browsers versions 9 and below, running on Windows XP, Vista and 7, offering cyber criminals access to individuals’ devices, allowing them to remotely execute malicious code from compromised websites.

Referred to as a “use-after-free” vulnerability, this exploit relies on the way that Internet Explorer accesses an object that has been deleted or improperly allocated. Memory can be corrupted in order to allow a hacker to execute malicious code via the browser in the context of the current user.

Through the use of websites specially designed to exploit this vulnerability, an attacker could deploy malicious payloads or assume control of a victim’s computer. At this time, the exploit has only been reported in a small number of targeted attacks, but that number could quickly grow.

Through the security advisory Microsoft has urged people running Internet Explorer 6, 7, 8 & 9 to install the Enhanced Mitigation Experience Toolkit (EMET) and set the internet and local intranet security settings in Internet Explorer to ‘High’ in order to block ActiveX Controls and Active Scripting in these zones.

While Microsoft’s current suggestions may help prevent the exploit, they may not be practical for all users. EMET is an advanced tool that can take time to properly deploy and can be complicated. The changes to the Internet Explorer security settings may also interfere with functionality on the web and could be inconvenient. It is also important to note that the suggested solutions have not yet been confirmed to be entirely effective.

Fortunately, users can avoid the exploit by using an alternative web browser such as Google Chrome or Mozilla Firefox until a patch for the vulnerability is released. It is also extremely important to have an active antivirus solution installed in case an attacker succeeds in using this vulnerability.

Brenden Vaughan is Senior Threat Research Analyst at WebRoot and Member of the senior queue of Threat Research, responsible for advanced malware research and definition creation/modification.