Microsoft offers temporary fix for Internet Explorer zero-day

Microsoft provides an Internet Explorer fix after confirming a vulnerability affecting all versions of the Web browser is being actively exploited.

Microsoft has released an Internet Explorer "Fix it" to temporarily address a vulnerability that exists in all supported versions of its Web browser.

The IE Fix it, CVE-2013-3893 MSHTML Shim Workaround, according to a blog post by the Redmond, Wash.-based software giant, aims to prevent the active exploitation of a newly discovered remote code execution vulnerability while Microsoft works on a permanent resolution. Though all supported versions of Internet Explorer (IE) could be affected, Microsoft said reports indicated only versions 8 and 9 have been actively targeted.

In a blog post, Microsoft Security Response Center Engineer Neil Sikka explained that attackers are targeting a use-after-free vulnerability in the HTML rendering engine of IE. He noted that the attacks take advantage of a Microsoft Office DLL that was not compiled with Address Space Layout Randomization (ASLR) enabled.

Attackers can target this vulnerability via malicious webpages and possibly advertisements, but attackers still need to direct users to the malicious content via a Web link, email or IM. Attackers can potentially gain user rights via a successful exploit, though those rights could be limited based on the account settings of the current user.

Beyond applying the temporary fix, the company also advised that version 4.0 of its Enhanced Mitigation Experience Toolkit could help protect against the active exploits it has analyzed.

This Content Component encountered an error

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchConsumerization

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly

Close