Zero-day vulnerability in Internet Explorer patched by Microsoft

News by Dan Raywood

Microsoft has issued a security advisory for a zero-day vulnerability in Internet Explorer.

Microsoft has issued a security advisory for a zero-day vulnerability in Internet Explorer.

It claimed that its investigations showed that Internet Explorer 6 Service Pack 1 on Microsoft Windows 2000 Service Pack 4, Internet Explorer 6 and Internet Explorer 7 on supported editions of Windows XP, Windows Server 2003, Windows Vista and Windows Server 2008 are affected. Internet Explorer 8 is not affected.

The vulnerability exists as an invalid pointer reference of Internet Explorer, and it said that it is possible under certain conditions for a CSS/Style object to be accessed after the object is deleted. In a specially-crafted attack, Internet Explorer attempting to access a freed object can lead to running attacker-supplied code.

Microsoft said that it was not aware of any attacks attempting to use this vulnerability against Internet Explorer 6 Service Pack 1 and Internet Explorer 7

Wolfgang Kandek, CTO of Qualys, commented that this vulnerability emerged a mere ten days after acknowledging the SMB flaw in Windows 7. He said: “A proof of concept for the zero-day was published on bugtraq on Friday, but it is not fully reliable against all combinations of browsers and operating systems. Attackers are currently working on improvements to the exploit and we are expecting to see new versions soon.

“The advisory proposes several workarounds, but all of them result in restricted usability of the browser. As Internet Explorer versions 8 and 5 are not affected, for consumers the best option is to upgrade to IE8 or alternatively switch to another product. For enterprise customers IDS/IPS vendors and secure web gateways are able to deliver a degree of protection against the known exploits.”

Symantec detected the exploit with the Bloodhound.Exploit.129 signature, HTTP Microsoft IE Generic Heap Spray BO and HTTP Malicious JavaScript Heap Spray BO IPS signatures. It anticipated that this exploit will be developed further, and new signatures are being created specifically for this exploit.

Zscaler claimed that it was able to deploy initial protections shortly after the exploit code was first released and is continuing to update the protections as additional details become available through the Microsoft Active Protections Program, that it participates in.

Michael Sutton, vice president of security research at Zscaler, said: “Versions 6 and 7 of Internet Explorer account for approximately 41 per cent of web browsers in use today, so this vulnerability will be an enticing one for attackers.

“Attacks such as these are also prime candidates for targeting otherwise legitimate websites as an attack vector. The exploit can be triggered simply via HTML code, so attackers can inject code into websites with weak security protections.”


Find this article useful?

Get more great articles like this in your inbox every lunchtime

Video and interviews