Defending against that Internet Explorer exploit

"The world is waiting for the patch from Microsoft to fix a critical flaw in Internet Explorer. Guest blogger Paul Ducklin, Sophos’s Asia-Pacific head of technology, describes the steps you can take to defend your computers. Over to you Paul…"

Paul Ducklin

As soon as Microsoft’s new Internet Explorer patch comes out (this is scheduled for later today), apply it. This closes the hole which the exploit uses. That means there will be no buffer overflow, and the browser retains control. Infection does not occur.

If your anti-virus software includes a BOPS feature (Buffer Overflow Prevention System), turn it on. BOPS can detect that a buffer overflow has happened and freeze your browser before it is tricked into running the shellcode. Infection does not occur.

If your anti-virus has an IE plugin (sometimes called a BHO or Browser Helper Object), turn it on. This can detect that a web page containing an exploit is about to be displayed inside the browser. The page is blocked, so there is no buffer overflow. Infection does not occur.

Make sure your anti-virus is active and has been updated recently. This means that the malware program downloaded by the exploit will be blocked and thus cannot be installed. Infection does not occur.

Lastly, if you are one of the increasing number of users who has switched operating system, e.g. to Mac OS X, or has switched browser, e.g. to Firefox or Opera, don’t sit back and smirk at your IE-using chums!

The advice about prompt patching and the effective use of anti-virus and other security software applies to you too.

For example, Apple just published a whopping 190MB update to OS X (which now goes to version 10.5.6), including numerous important security fixes. Opera went from 9.62 to 9.63 on Tuesday, again to close some known security holes. And Firefox has today notified users of the release of version 3.0.5, fixing what they call “several security issues”, including three considered “critical — vulnerability can be used to run attacker code and install software, requiring no user interaction beyond normal browsing”. (That is exactly the sequence of events used by the Internet Explorer attacks.)

One mitigating factor for Firefox and Opera users is that we’re not yet aware of any active exploitation online of those vulnerabilities. Still, best not take the chance. Get those patches downloaded ASAP.

Oh, and if you get a new netbook for Christmas, don’t forget that you need to patch it before you start showing it off to your parents, children, spouse, partner, chums! Sorry to be a wowser on Christmas Day, but patches really are important, especially when they close holes which the bad guys are already well aware of.