
Microsoft offers temporary fix for Internet Explorer zero-day

Brandan Blevins, Assistant Site Editor

Microsoft has released an Internet Explorer "Fix it" to temporarily address a vulnerability that exists in all supported versions of its Web browser.

The IE Fix it, CVE-2013-3893 MSHTML Shim Workaround, according to a blog post by the Redmond, Wash.-based software giant, aims to prevent the active exploitation of a newly discovered remote code execution vulnerability while Microsoft works on a permanent resolution. Though all supported versions of Internet Explorer (IE) could be affected, Microsoft said reports indicated only versions 8 and 9 have been actively targeted.

In a blog post, Microsoft Security Response Center Engineer Neil Sikka explained that attackers are targeting a use-after-free vulnerability in the HTML rendering engine of IE. He noted that the attacks take advantage of a Microsoft Office DLL that was not compiled with Address Space Layout Randomization (ASLR) enabled.
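A defender can audit which DLLs on a system were built without ASLR by reading the PE header flags. The sketch below is an added example, not code from Microsoft or from this article; the `sample_pe` helper and its header bytes are constructed for illustration and are not a real Office DLL.

```python
import struct
import sys

RELOCS_STRIPPED = 0x0001   # IMAGE_FILE_RELOCS_STRIPPED (COFF Characteristics)
DYNAMIC_BASE = 0x0040      # IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE (/DYNAMICBASE)

def aslr_status(image: bytes) -> str:
    """Classify a PE image as 'aslr', 'no-dynamicbase' or 'relocs-stripped'."""
    if len(image) < 0x40 or image[:2] != b"MZ":
        raise ValueError("missing MZ header")
    (pe_off,) = struct.unpack_from("<I", image, 0x3C)       # e_lfanew
    opt_off = pe_off + 24                                   # PE signature + COFF header
    if image[pe_off:pe_off + 4] != b"PE\0\0" or len(image) < opt_off + 72:
        raise ValueError("missing or truncated PE header")
    (file_chars,) = struct.unpack_from("<H", image, pe_off + 22)
    (magic,) = struct.unpack_from("<H", image, opt_off)
    if magic not in (0x10B, 0x20B):                         # PE32 / PE32+
        raise ValueError("unknown optional header magic")
    # DllCharacteristics sits at offset 70 in both PE32 and PE32+ layouts.
    (dll_chars,) = struct.unpack_from("<H", image, opt_off + 70)
    if not dll_chars & DYNAMIC_BASE:
        return "no-dynamicbase"      # image has not opted in to ASLR
    if file_chars & RELOCS_STRIPPED:
        return "relocs-stripped"     # flag set, but the image cannot be rebased
    return "aslr"

def sample_pe(dll_chars: int, file_chars: int = 0x2102) -> bytes:
    """Constructed minimal PE32 headers for testing (not a loadable DLL)."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)      # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, 0, 0, 0, 0, 96, file_chars)
    opt = bytearray(96)
    struct.pack_into("<H", opt, 0, 0x10B)                   # PE32 magic
    struct.pack_into("<H", opt, 70, dll_chars)
    return dos + b"PE\0\0" + coff + bytes(opt)

if __name__ == "__main__":
    # Usage: python aslr_audit.py C:\path\to\one.dll C:\path\to\two.dll
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            print(path, aslr_status(fh.read()))
```

Any module reported as `no-dynamicbase` or `relocs-stripped` is a candidate for vendor updates or for EMET's mandatory ASLR mitigation.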

Attackers can target this vulnerability via malicious webpages and possibly advertisements, but they still need to direct users to the malicious content via a Web link, email or IM. Attackers can potentially gain user rights via a successful exploit, though those rights could be limited based on the account settings of the current user.

Beyond applying the temporary fix, the company also advised that version 4.0 of its Enhanced Mitigation Experience Toolkit could help protect against the active exploits it has analyzed.

