Contact Us




Change Locale

How to Protect Your Computer from the Zero-Day Internet Explorer Exploit – UPDATED

Microsoft | Posted on April 30, 2014 by Matthew Thiffault

On April 26, 2014, Microsoft released Security Advisory 2963983 to notify customers of a vulnerability in Internet Explorer. At this time, Microsoft is aware of limited, targeted attacks and encourage customers to follow the suggested mitigations outlined in the security advisory while an update is finalized.

An attacker could trigger a Zero-Day Internet Explorer exploit through a malicious webpage that the targeted user has to access with one of the affected IE browsers (IE 6 through 11). If the attacker is successful, they can run code in order to gain the same user rights as the current user. This all depends on the loading of a Flash SWF file that calls for a javascript vulnerability in IE to trigger the flaw, which also allows the exploit to bypass the windows ASLR (Address space layout randomization) and DEP (Data Execution Prevention) protections on the target system, exploiting the Adobe Flash plugin. More detail on how these work here.

Here is the scoop on this one: if you have an administrator who gets caught by this vulnerability, you will have problems. The good news is they only access the user they are trying to target. The interesting thing here: this is the first open vulnerability that will not be patched on XP. This is an IE vulnerability, but technically there is only one version of IE for XP and that is IE 8. Although they are only seeing cases of this in the wild that are hitting IE 9 to IE 11, IE 8 is still vulnerable and therefore a concern, as there is probably not going to be an official patch.

Until the next patch is available

Microsoft investigations has revealed that Enhanced Protected Mode, on by default for the modern browsing experience in Internet Explorer 10 and Internet Explorer 11, as well as Enhanced Mitigation Experience Toolkit (EMET) 4.1 and EMET 5.0 Technical Preview, will help protect against this potential risk. They encourage customers to follow the suggested mitigations outlined in Security Advisory 2963983 while an update is finalized.

Most will have to wait until the next patch on Tuesday, May 13, 2014, but I dug around and found a few resources that will help you:

As suggested by Microsoft, install Enhanced Mitigation Experience Toolkit, a free utility that helps prevent vulnerabilities in software from being successfully exploited. And if you are using IE 10 or IE 11, enable Enhanced Protected Mode to prevent your browser from some Zero-Day Attacks.

You can also protect against exploitation by changing your settings for the Internet security zone to block ActiveX controls and Active Scripting:

Tools / Internet Options / Security / Internet / Custom Level

    • Under Scripting Settings: Disable Active Scripting
    • Under Local intranet’s Custom Level Settings: Disable Active Scripting

IE Exploit will not work without Adobe Flash.

Users are advised to disable the Adobe Flash plugin within IE. This one is a good idea if you have XP systems: De-Register VGX.dll (VML parser) file, which is responsible for rendering of VML (Vector Markup Language) code in web pages, in order to prevent exploitation. Run following command:

 regsvr32 -u "%CommonProgramFiles%\Microsoft Shared\VGX\vgx.dll"

There is more good news here. Some security vendors have created rules to protect against this threat. TrendMicro specifically talks about rules they’ve created to block files that would trigger this vulnerability using their tools.

Time for a change

There is one other easy (and, in my opinion, obvious) option: use another browser. There are many browsers out there that are very good, like Google Chrome or firefox.

Perhaps it is time for a change – changing either your browser or working towards phasing out Windows XP (it IS 13 years old after all — most people don’t even keep a car that long, let along some old software).

UPDATE (May 1st, 2014): 

Microsoft  has released an out-of-band security update to address the issue affecting Internet Explorer (IE) that was first discussed in Security Advisory 2963983. This will include all versions even those affecting windows XP this time. Microsoft still encourages customer to upgrade to windows 7 or 8.1 and to the latest version of IE 11. Also this should happen automatically if you have automatic updates enabled.

On Friday May 2nd at 2:00 EST Microsoft will present this information in a live webcast.

Related Articles

Culture | July 5, 2019 by Alex Macks

As an organization that strives towards gender balance, Softchoice took part in a recent weeklong boot camp for women in tech sales in partnership with Talent Minded and The Revenue U.

Culture | July 5, 2019 by Alex Macks

The Softchoice co-op program enables students to gain hands-on experience across a variety of fields. I recently had the opportunity to talk to one of the co-op students about her experience at Softchoice.

Microsoft | June 20, 2019 by Susana Byun

Learn how the Microsoft Cloud Solution Provider (CSP) program helps partners add value while their customers gain flexibility Editor’s note (June 2019): We updated this post to reflect the latest CSP news and Softchoice webinar which can be viewed below.  Technology acquisition continues to evolve – away from physically owned infrastructure and towards cloud subscription […]