September 18, 2012
Zero-day Vulnerability Places Nearly All Internet Explorer Users In Danger
Michael Harper for redOrbit.com — Your Universe Online
Microsoft was, no doubt, riding high after discovering and attacking a botnet composed of computers that were infected in the supply chain, even before users could click on a spammy link. Yet, for every piece of malware discovered and every botnet dismantled, it can seem like five more pop up in their place.
On Monday, another zero-day bug was reported in Internet Explorer with a pretty shocking statistic: 4 out of every 10 Americans are in danger of having their machines remotely accessed as a result of this zero-day flaw.
These attacks are born from the same malware group which recently exploited Macs and Windows machines together through a Java vulnerability.
Even users running fully patched versions of Windows XP and surfing the web with the latest versions of IE 7 or IE 8 are vulnerable to these kinds of attacks, making this exploit even more frightening.
Windows XP users aren't the only ones in harm's way, as the basic, underlying vulnerability in IE can still be exploited on both Windows Vista and Windows 7 machines, as well as the latest version of IE 9.
Microsoft posted a blog entry yesterday saying it is investigating the vulnerability and attacks in most versions of its browser.
“On completion of this investigation, Microsoft will take the appropriate action to protect our customers, which may include providing a solution through our monthly security update release process, or an out-of-cycle security update, depending on customer needs,” writes Microsoft.
So far, Microsoft has released a free piece of software meant to stave off the attacks. The Enhanced Mitigation Experience Toolkit (or EMET) should curb some of these exploits for those who install the software. A new, full update is still expected in the future.
While Microsoft looks to address the issue, one hacking and research group, Metasploit, has already created an exploit that works on all existing versions of Windows, even taking advantage of the malware protection tool in Windows Vista to gain control of a machine.
"What may be most worrying is that Windows Vista and 7 don't protect you," said HD Moore, creator of the Metasploit tool, speaking with Ars Technica. "This is one of the few times that a vulnerability has been successfully exploited across all the production shipping versions of the browser and OS. The surprising thing about this is the fact they (Metasploit researchers) got to work across every one of these platforms."
Windows remains the most used operating system in America, and is often the choice in many offices and corporations. As such, many users who don't use a web browser very often may still be using IE, which makes this threat widespread. Though the threat is high, Microsoft is saying it has only received reports of a “small number of targeted attacks” on Windows machines. Microsoft has also said IE 10 on the upcoming Windows 8 appears to be safe from this exploit.
While it works to find a patch for this vulnerability, Microsoft is suggesting users download EMET, bump their security settings to “High” to block ActiveX and Active Scripting, and set up IE to present a prompt before running an active script.