
Microsoft offers 'fix' for latest Internet Explorer zero day

Microsoft released a temporary fix to mitigate attacks using the most recent Internet Explorer 8 zero-day vulnerability.

With a new module exploiting it already released for the Metasploit Framework, this week's Internet Explorer zero-day vulnerability now has a provisional fix in place. Users of IE 8 (other versions aren't affected) can go to a Microsoft advisory page, click on a cheerful "Fix it" button and install a software shim that provides protection from attacks using the zero-day.

Another approach to mitigating this zero-day is to use Microsoft's Enhanced Mitigation Experience Toolkit (EMET). This free toolkit keeps watch over Windows processes and applies various mitigation techniques to find and react to attacks on memory corruption vulnerabilities. In a blog post, Qualys CTO Wolfgang Kandek said, "We ran EMET through its paces with the Metasploit module for CVE-2013-1347, and it indeed catches the exploit before it can install the RAT program." Since this is also by no means the first Internet Explorer zero day, using EMET as a general protection strategy seems wise.

The Microsoft advisory describing the vulnerability also pointed out additional factors mitigating attacks, including the default "restricted" mode used to run IE on Windows Server 2003, 2008 and 2008 R2. Another mitigating factor is that all supported versions of Microsoft Outlook, Outlook Express and Windows Mail open HTML-encoded messages in restricted mode.

Several security vendors reported that the U.S. Department of Labor website was hacked over the weekend in an attack that placed code to exploit the flaw within site visitors' browsers and then downloaded malware to their systems. A CrowdStrike blog entry on the attack notes, "Eight other compromised sites were also reported to be similarly compromised, with the data suggesting that this campaign began in mid-March."
