Contact Us




Change Locale

How to Protect Your Computer from the Zero-Day Internet Explorer Exploit – UPDATED

Microsoft | Posted on April 30, 2014 by Matthew Thiffault

On April 26, 2014, Microsoft released Security Advisory 2963983 to notify customers of a vulnerability in Internet Explorer. At this time, Microsoft is aware of limited, targeted attacks and encourage customers to follow the suggested mitigations outlined in the security advisory while an update is finalized.

An attacker could trigger a Zero-Day Internet Explorer exploit through a malicious webpage that the targeted user has to access with one of the affected IE browsers (IE 6 through 11). If the attacker is successful, they can run code in order to gain the same user rights as the current user. This all depends on the loading of a Flash SWF file that calls for a javascript vulnerability in IE to trigger the flaw, which also allows the exploit to bypass the windows ASLR (Address space layout randomization) and DEP (Data Execution Prevention) protections on the target system, exploiting the Adobe Flash plugin. More detail on how these work here.

Here is the scoop on this one: if you have an administrator who gets caught by this vulnerability, you will have problems. The good news is they only access the user they are trying to target. The interesting thing here: this is the first open vulnerability that will not be patched on XP. This is an IE vulnerability, but technically there is only one version of IE for XP and that is IE 8. Although they are only seeing cases of this in the wild that are hitting IE 9 to IE 11, IE 8 is still vulnerable and therefore a concern, as there is probably not going to be an official patch.

Until the next patch is available

Microsoft investigations has revealed that Enhanced Protected Mode, on by default for the modern browsing experience in Internet Explorer 10 and Internet Explorer 11, as well as Enhanced Mitigation Experience Toolkit (EMET) 4.1 and EMET 5.0 Technical Preview, will help protect against this potential risk. They encourage customers to follow the suggested mitigations outlined in Security Advisory 2963983 while an update is finalized.

Most will have to wait until the next patch on Tuesday, May 13, 2014, but I dug around and found a few resources that will help you:

As suggested by Microsoft, install Enhanced Mitigation Experience Toolkit, a free utility that helps prevent vulnerabilities in software from being successfully exploited. And if you are using IE 10 or IE 11, enable Enhanced Protected Mode to prevent your browser from some Zero-Day Attacks.

You can also protect against exploitation by changing your settings for the Internet security zone to block ActiveX controls and Active Scripting:

Tools / Internet Options / Security / Internet / Custom Level

    • Under Scripting Settings: Disable Active Scripting
    • Under Local intranet’s Custom Level Settings: Disable Active Scripting

IE Exploit will not work without Adobe Flash.

Users are advised to disable the Adobe Flash plugin within IE. This one is a good idea if you have XP systems: De-Register VGX.dll (VML parser) file, which is responsible for rendering of VML (Vector Markup Language) code in web pages, in order to prevent exploitation. Run following command:

 regsvr32 -u "%CommonProgramFiles%\Microsoft Shared\VGX\vgx.dll"

There is more good news here. Some security vendors have created rules to protect against this threat. TrendMicro specifically talks about rules they’ve created to block files that would trigger this vulnerability using their tools.

Time for a change

There is one other easy (and, in my opinion, obvious) option: use another browser. There are many browsers out there that are very good, like Google Chrome or firefox.

Perhaps it is time for a change – changing either your browser or working towards phasing out Windows XP (it IS 13 years old after all — most people don’t even keep a car that long, let along some old software).

UPDATE (May 1st, 2014): 

Microsoft  has released an out-of-band security update to address the issue affecting Internet Explorer (IE) that was first discussed in Security Advisory 2963983. This will include all versions even those affecting windows XP this time. Microsoft still encourages customer to upgrade to windows 7 or 8.1 and to the latest version of IE 11. Also this should happen automatically if you have automatic updates enabled.

On Friday May 2nd at 2:00 EST Microsoft will present this information in a live webcast.

Related Articles

Culture | August 6, 2020 by Softchoice

This July, we celebrated our third annual Social Impact Month.   At Softchoice, July serves as a rallying point for every person in the company to generate meaningful impact. With the unprecedented events of this year, it was more important than ever that we looked to better support the communities in which we live and work while building a more giving and compassionate culture.   Although our […]

Culture | July 27, 2020 by Softchoice

Toward the end of February, the reality of the COVID-19 pandemic was becoming more evident to the Softchoice leadership team. Our People and Growth leaders knew they would need an agile response to keep our people and our customers safe.    Our business continuity plans to address technology redundancy were in place.  As a result of processes that had been in place for 3 years, we were perhaps ahead of most in our ability to move to a full remote work […]

Culture | June 17, 2020 by Softchoice

In 1989, Jone Panavas founded Softchoice along with David Holgate to make it easier for businesses to source and acquire hard–to–find software products. Jone and David set out to make Softchoice a different kind of company from the very beginning, one where inclusiveness was a core tenet and employees were encouraged to bring their authentic selves to work.   While the technology landscape has become far more complex in the last 30 years, another […]