[SingCERT] Microsoft Internet Explorer Zero Day Exploit

Published on Monday, 28 April 2014 18:13

[ Background ]

Microsoft Internet Explorer (IE) versions 6 to 11 are being exploited by a new vulnerability.  The exploit bypasses both the Address Space Layout Randomization (ASLR) and Data Execution Prevention (DEP) protections found in Windows, which are meant to minimize the chances of an exploit running successfully.

[ Impact ]

System memory may be corrupted and arbitrary codes could be executed remotely to compromise your organisation’s systems.

[ Solutions/Alternatives ]

There is currently no patch for this exploit yet.Administrators may consider the following alternatives but should evaluate them before deploying to any user’s machines.

Administrators are to check with their security vendors if their current security software is able to detect and prevent the attack. If so, they should update their security software immediately.

Important note: 

NO patches will be provided for Windows XP users asMicrosoft has ended support for Windows XP.
Windows XP users may consider upgrading Windows XP to Windows 8 or switch to an alternative browser such as Firefox, Chrome or Opera to mitigate this risk. 

  1. Deploy Enhanced Mitigation Experience Toolkit (EMET) 4.1
  2. Enable Enhanced Protected Mode in Internet Explorer (applicable to IE 10 and above)
  3. Configure Internet Explorer to prompt before running Active Scripting or disable Active Scripting for Internet and Local Intranet security zones (Note: Configuring Internet Explorer to prompt before running Active Script will result in excessive prompts and disabling Active Scripting may cause some websites to be non-functional)
  4. Use alternative browsers such as Firefox, Chrome or Opera

[ References ]