Contact Us




Change Locale

How to Protect Your Computer from the Zero-Day Internet Explorer Exploit – UPDATED

Microsoft | Posted on April 30, 2014 by Matthew Thiffault

On April 26, 2014, Microsoft released Security Advisory 2963983 to notify customers of a vulnerability in Internet Explorer. At this time, Microsoft is aware of limited, targeted attacks and encourage customers to follow the suggested mitigations outlined in the security advisory while an update is finalized.

An attacker could trigger a Zero-Day Internet Explorer exploit through a malicious webpage that the targeted user has to access with one of the affected IE browsers (IE 6 through 11). If the attacker is successful, they can run code in order to gain the same user rights as the current user. This all depends on the loading of a Flash SWF file that calls for a javascript vulnerability in IE to trigger the flaw, which also allows the exploit to bypass the windows ASLR (Address space layout randomization) and DEP (Data Execution Prevention) protections on the target system, exploiting the Adobe Flash plugin. More detail on how these work here.

Here is the scoop on this one: if you have an administrator who gets caught by this vulnerability, you will have problems. The good news is they only access the user they are trying to target. The interesting thing here: this is the first open vulnerability that will not be patched on XP. This is an IE vulnerability, but technically there is only one version of IE for XP and that is IE 8. Although they are only seeing cases of this in the wild that are hitting IE 9 to IE 11, IE 8 is still vulnerable and therefore a concern, as there is probably not going to be an official patch.

Until the next patch is available

Microsoft investigations has revealed that Enhanced Protected Mode, on by default for the modern browsing experience in Internet Explorer 10 and Internet Explorer 11, as well as Enhanced Mitigation Experience Toolkit (EMET) 4.1 and EMET 5.0 Technical Preview, will help protect against this potential risk. They encourage customers to follow the suggested mitigations outlined in Security Advisory 2963983 while an update is finalized.

Most will have to wait until the next patch on Tuesday, May 13, 2014, but I dug around and found a few resources that will help you:

As suggested by Microsoft, install Enhanced Mitigation Experience Toolkit, a free utility that helps prevent vulnerabilities in software from being successfully exploited. And if you are using IE 10 or IE 11, enable Enhanced Protected Mode to prevent your browser from some Zero-Day Attacks.

You can also protect against exploitation by changing your settings for the Internet security zone to block ActiveX controls and Active Scripting:

Tools / Internet Options / Security / Internet / Custom Level

    • Under Scripting Settings: Disable Active Scripting
    • Under Local intranet’s Custom Level Settings: Disable Active Scripting

IE Exploit will not work without Adobe Flash.

Users are advised to disable the Adobe Flash plugin within IE. This one is a good idea if you have XP systems: De-Register VGX.dll (VML parser) file, which is responsible for rendering of VML (Vector Markup Language) code in web pages, in order to prevent exploitation. Run following command:

 regsvr32 -u "%CommonProgramFiles%\Microsoft Shared\VGX\vgx.dll"

There is more good news here. Some security vendors have created rules to protect against this threat. TrendMicro specifically talks about rules they’ve created to block files that would trigger this vulnerability using their tools.

Time for a change

There is one other easy (and, in my opinion, obvious) option: use another browser. There are many browsers out there that are very good, like Google Chrome or firefox.

Perhaps it is time for a change – changing either your browser or working towards phasing out Windows XP (it IS 13 years old after all — most people don’t even keep a car that long, let along some old software).

UPDATE (May 1st, 2014): 

Microsoft  has released an out-of-band security update to address the issue affecting Internet Explorer (IE) that was first discussed in Security Advisory 2963983. This will include all versions even those affecting windows XP this time. Microsoft still encourages customer to upgrade to windows 7 or 8.1 and to the latest version of IE 11. Also this should happen automatically if you have automatic updates enabled.

On Friday May 2nd at 2:00 EST Microsoft will present this information in a live webcast.

Related Articles

Culture | October 10, 2019 by Alex Macks

Softchoice’s co-op students are hired for their fresh ideas and wealth of knowledge they bring to our Softchoice teams. Ranjit Singh wrapped up his third consecutive co-op term with Softchoice in Summer 2019. He now works part-time as a .NET Developer while completing his last semester at Sheridan College in the Software Development and Network […]

Innovation Executive Forum | September 13, 2019 by Karen Bader

Enterprises today understand the requirement to combat slow and low end-user adoption, especially when the solutions are intended to transform the way people work, as with new communications and collaboration tools. For years, Softchoice has been offering end-to-end, turnkey adoption services, helping businesses across North America unlock more value, quickly, from their key collaboration investments. […]

Uncategorized | August 28, 2019 by Susana Byun

Here are your top 10 must-read Microsoft announcements from August 2019 curated by Softchoice: