Microsoft issues security advisory on IE exploit, patch in works

New workarounds deal with zero-day exploit aimed at IE

Microsoft Monday night issued a security advisory that provides customers with guidance and workarounds for dealing with a zero-day exploit aimed at Internet Explorer and said a patch is forthcoming.

Earlier in the day, the company said it was investigating the incident which emerged over the weekend when someone published the exploit code to the Bugtraq mailing list. By Monday night, Microsoft switched gears and issued the advisory. There have not been any active exploits reported so far.

Microsoft's Security Response Center posted a blog entry last night saying it was working on a patch. "Our teams are currently working to develop an update and we will take appropriate action to protect customers when the update has met the quality bar for broad distribution. That may include releasing the update out of band."

Microsoft released Security Advisory 977981, which includes workarounds for an issue that exposes a flaw in Cascading Style Sheets that could allow for remote code execution. Vulnerabilities that allow remote code execution generally result in patches rated as critical by Microsoft.

The advisory confirmed the vulnerability affects IE 6 on Windows 2000 Service Pack 4, and IE 6 and IE 7 on supported editions of XP, Vista, Windows Server 2003 and Windows Server 2008. Microsoft said users running IE 7 on Vista can configure the browser to run in Protected Mode to limit the impact of the vulnerability. It also recommended setting the Internet zone security setting to "High" to protect against the exploit. The "High" setting will disable JavaScript, which currently is the only confirmed attack mode.

Microsoft said IE 5.01 Service Pack 4 and IE 8 on all supported versions of Windows are not affected.

Microsoft activated its Software Security Incident Response Process (SSIRP) and said the investigation into the vulnerability is ongoing. SSIRP is a four-step process Microsoft has developed to deal with malicious threats.

Issuing the security advisory is Step 3, called assess and stabilize, where "the engineering team investigates and develops the solution, while the communications team reaches out to provide guidance to customers and partners."

Step 4 is the resolution stage where "the Microsoft Security Response Center provides tools and solutions." While Microsoft did not say specifically that it planned to issue a patch, it did say in an e-mail to media that "the company recommends customers review and implement the workarounds outlined in the advisory until a comprehensive security update is released."

Microsoft also is recommending users upgrade their earlier versions of IE to more recent versions that are not susceptible to the attack, which can give a hacker control of the targeted machine.

Earlier in the day, security experts at Symantec's Security Response division said the published IE exploit code does not work reliably but that a better written version is likely on the way.

"The exploit code is not very good," said Ben Greenbaum, senior research manager with Symantec Security Response. "So it is going to have to be fine tuned before it is a real threat. Right now, it is a potential threat. But it is just a matter of time before somebody finds a far more reliable method for exploiting this."

He says if users disable JavaScript in IE they would be protected against the exploit, however, the action also would break some functionality on Web sites.

Greenbaum did note that JavaScript may not be the only attack vector, but right now it is the only one that has been disclosed publicly.

He says Symantec already has various protections out that would foil an attack by this exploit, and that others are also in the works.

For the attack to be carried out a user only has to be directed to a malicious Web page or visit a legitimate Web page that has been compromised with the exploit code.

IE has become a popular attack target for hackers. Just last month, Microsoft issued a patch rated critical to close a vulnerability in IE first disclosed at the Black Hat conference in July. In addition to IE, Firefox also can be vulnerable to the exploit when it is running the Windows Presentation Foundation plug-in, which gets installed via .Net Framework Service Pack 1.

Join the newsletter!

Error: Please check your email address.
Rocket to Success - Your 10 Tips for Smarter ERP System Selection

Tags securityMicrosoftsecurity patch

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

John Fontana

Network World
Show Comments

Cool Tech

Breitling Superocean Heritage Chronographe 44

Learn more >

SanDisk MicroSDXC™ for Nintendo® Switch™

Learn more >

Toys for Boys

Family Friendly

Panasonic 4K UHD Blu-Ray Player and Full HD Recorder with Netflix - UBT1GL-K

Learn more >

Stocking Stuffer

Razer DeathAdder Expert Ergonomic Gaming Mouse

Learn more >

Christmas Gift Guide

Click for more ›

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Edwina Hargreaves

WD My Cloud Home

I would recommend this device for families and small businesses who want one safe place to store all their important digital content and a way to easily share it with friends, family, business partners, or customers.

Walid Mikhael

Brother QL-820NWB Professional Label Printer

It’s easy to set up, it’s compact and quiet when printing and to top if off, the print quality is excellent. This is hands down the best printer I’ve used for printing labels.

Ben Ramsden

Sharp PN-40TC1 Huddle Board

Brainstorming, innovation, problem solving, and negotiation have all become much more productive and valuable if people can easily collaborate in real time with minimal friction.

Sarah Ieroianni

Brother QL-820NWB Professional Label Printer

The print quality also does not disappoint, it’s clear, bold, doesn’t smudge and the text is perfectly sized.

Ratchada Dunn

Sharp PN-40TC1 Huddle Board

The Huddle Board’s built in program; Sharp Touch Viewing software allows us to easily manipulate and edit our documents (jpegs and PDFs) all at the same time on the dashboard.

George Khoury

Sharp PN-40TC1 Huddle Board

The biggest perks for me would be that it comes with easy to use and comprehensive programs that make the collaboration process a whole lot more intuitive and organic

Featured Content

Product Launch Showcase

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?