Internet Explorer zero-day exploit prompts Microsoft to publish emergency Fix it


For the first time in a little over four months, Microsoft published an emergency advisory and Fix it for users of its Internet Explorer web browser.

Exploitation of Internet Explorer 8 and 9 has already been witnessed in the wild. That doesn't necessarily mean that users of Internet Explorer 6, 7, 10 and 11 are safe, however.

The only unaffected Windows platforms are the server platforms that ship with IE in restricted mode by default. If you have disabled the restricted mode, these may also be vulnerable.

The flaw is being referenced as CVE-2013-3893 and, when exploited successfully, results in remote code execution (RCE) as the logged-in user.

This is one of the reasons we frequently advise users not to run as an administrator for everyday tasks like internet browsing.

If an attacker wants to inflict more serious damage, he will also need to use an elevation of privilege (EoP) exploit to gain more access to the victim PC.

There are several different ways to protect yourself until an official fix from Microsoft becomes available.

For more advanced users and corporate IT managers, you can use Microsoft EMET to mitigate exploitation of this flaw, as recommended in Microsoft's advisory 2887505.

For everyday Windows users, Microsoft is also providing a "Fix it" download that changes your settings to provide protection until a permanent fix is available, but this only works in 32-bit versions of Internet Explorer.

My advice for non-corporate PCs is to simply use another browser until Microsoft is able to deliver a fix. There are many choices including Firefox, Chrome, Safari and Opera.

We will keep an eye out for any updates on this vulnerability and alert our readers as soon as a permanent fix is available. Typically Microsoft will release an update as soon as possible.

Sophos Techknow - Understanding Vulnerabilities

If you want to learn more about remote code execution, information disclosure, denial of service and elevation of privilege flaws, why not give the latest Sophos Techknow a listen?

In 15 minutes Paul Ducklin and I try to explain what all of this vulnerability jargon means in a useful manner to IT administrators.


5 Responses to Internet Explorer zero-day exploit prompts Microsoft to publish emergency Fix it

  1. MikeP_UK · 345 days ago

    Unfortunately for Windows users, you have to have IE - it's an essential element of Windows. So just using a different browser may not be enough! IE is still there and still potentially vulnerable.

    So my suggestion is to use the Fix-it (to try to close the 'hole') but continue to use an alternative browser anyway.

    • Pietje · 344 days ago

      In Windows Vista+ you can disable I.E.

      • MikeP_UK · 344 days ago

        No, not really. All that does is disable the GUI of IE; the core where the vulnerability lies is still running in the background as it's an inherent part of Windows. In W7 and W8 the Updating uses the core of IE to seek the updates and download them even if you have 'disabled' IE.

        So I advise running the Fix-It, to work around the vulnerability that remains even when you 'disable' IE, and using a different and up-to-date browser.

  2. Damon · 344 days ago

    What about for those who have 64-bit?


About the author

Chester Wisniewski is a Senior Security Advisor at Sophos Canada. He provides advice and insight into the latest threats for security and IT professionals with the goal of providing clear guidance on complex topics. You can follow Chester on Twitter as @chetwisniewski, on App.net as Chester, Chester Wisniewski on Google Plus or send him an email at chesterw@sophos.com.