New Internet Explorer Zero-day Vulnerability

New Internet Explorer Zero-day Vulnerability

CVE-2014-1776


Internet Explorer (IE) 0-day Vulnerability

A new zero-day vulnerability affecting all versions of Internet Explorer (IE) 6-11, which is over 25% of the browser market, has been recently confirmed by Microsoft. This vulnerability (CVE-2014-1776) allows for remote code execution based upon how IE accesses objects in memory if deleted or improperly allocated. This can allow the attacker to execute arbitrary code as the current user. The new exploitation uses a use-after-free vulnerability along with a previously known Flash vulnerability to achieve memory access and bypass Window’s protection mechanisms, ASLR and DEP. Additional Information can be found at:https://technet.microsoft.com/en-US/library/security/2963983
Recommendations:

  • Use EMET (Enhanced Mitigation Experience Toolkit) versions 4.1 and 5.0 which will help protect users against this risk. The latest EMET versions can be found here:http://technet.microsoft.com/en-US/security/jj653751
  • If you are using IE versions 10 or 11, you should use EPM (Enhanced Protect Mode) and enable 64-bit processes for EPM
  • Disable the Adobe Flash plugin (within IE), this will prevent the exploit
  • Use alternate browsers such as Chrome
  • Set Internet or Intranet Security Zone settings to High

Systems Affected

  • Use EMET (Enhanced Mitigation Experience Toolkit) versions 4.1 and 5.0 which will help protect users against this risk. The latest EMET versions can be found here:http://technet.microsoft.com/en-US/security/jj653751
  • If you are using IE versions 10 or 11, you should use EPM (Enhanced Protect Mode) and enable 64-bit processes for EPM
  • Disable the Adobe Flash plugin (within IE), this will prevent the exploit
  • Use alternate browsers such as Chrome
  • Set Internet or Intranet Security Zone settings to High

Systems Affected:

Windows XP, Windows Vista, Windows Server 2003, Windows Server 2008, Windows 7, Windows 8.x, Windows Server 2012, Windows RT

(Unix/Linux machines should not be affected)

Vulnerable Versions:

Internet Explorer versions 6-11, however the attack specifically targets versions 9-11

** Please note that Microsoft has not yet publicly released a patch for this vulnerability. In addition this will be the first 0-day for Windows XP that will no longer be supported due to the end of support for this OS version.

Basic Components of the Exploit:

  • Manipulation of the heap layout
  • Arbitrary memory access
  • Runtime ROP (Return-Oriented Programming) Generation
  • ROP (Return-Oriented Programming) payload attempts to execute memory at a specific address and execute shellcode
  • Requires attacker to convince users to visit malicious or compromised websites

Alert Detection:

The Masergy Threat Intelligence Team will continue to release alerts on this vulnerability to all Masergy Security as a Service customers as they become available for IDS/IPS Detection + Preventions Modules (DPM) and Vulnerability Scanning Modules (VSM). We currently have the ability to detect and notify on various Flash based exploitation techniques.

If you are not already a Masergy Security as a Service customer, click here to learn more about our Security as a Service offerings and let us help you secure your IT environment!

We've updated our privacy policy. We use cookies to improve the experience of our users, better understand how our website is used, and personalize advertising. By continuing to use this site you are giving us your consent to do this. You can read more and make cookie choices by visiting our privacy policy.