Update (5th April, 2014) – Microsoft provided a patch last week for all Windows versions to fix the issue. Microsoft also provided a patch for Windows XP users, whose support had officially ended nearly a month ago. Microsoft’s Adrienne Hall, general manager for Microsoft Trustworthy Computing, said in a statement, “The security of our products is something we take incredibly seriously. When we saw the first reports about this vulnerability we decided to fix it, fix it fast, and fix it for all our customers”. However, that does not mean Microsoft will be as generous in the future where Windows XP is concerned. For now at least, Windows XP users are also safe from this particular zero-day exploit.
Post Updated (Jan 2, 2016): FireEye has now removed the blog post from their website.
Zero-day exploits in Internet Explorer seem to have become regular news for a while now. FireEye Research Labs, who had previously discovered such exploits, have recently discovered yet another zero-day exploit in Internet Explorer.
Although the vulnerability in question affects Internet Explorer versions 6 through 11, FireEye suggests the attack is targeting Internet Explorer versions 9 through 11.
Microsoft is aware of the vulnerability and describes it as “A remote code execution vulnerability. The vulnerability exists in the way that Internet Explorer accesses an object in memory that has been deleted or has not been properly allocated. The vulnerability may corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user within Internet Explorer. An attacker could host a specially crafted website that is designed to exploit this vulnerability through Internet Explorer and then convince a user to view the website.” Microsoft said they are investigating the issue and will roll out a monthly security update or an out-of-cycle update soon.
FireEye Labs, who uncovered the exploit, described it as part of an ongoing investigation / campaign they have named “Operation Clandestine Fox”. For security reasons, they decided against providing more details about this campaign. However, they do believe that this vulnerability is a significant zero-day.
This news is obviously bad, but it is even worse for users who are still using Windows XP, which, as we all know, was retired by Microsoft on 8th April, 2014 for all security updates and patches. This means Microsoft will release the patch eventually, on a scheduled Patch Tuesday, but it will only be supported on PCs running Windows Vista and above.
A workaround for Windows XP users would be to either ditch Internet Explorer in favor of Chrome, Firefox, Safari, etc., or install Microsoft’s Enhanced Mitigation Experience Toolkit (EMET) 4.1. EMET helps mitigate risks and reduce attacks.
For more than a year, Microsoft has been hit with zero-day attacks at regular intervals, the previous one in November 2013. At that time, however, Microsoft released the patch within a week.
You can download EMET from Microsoft’s official website. To learn more about this new zero-day exploit, you can read the detailed report on the FireEye Research Labs blog or on Microsoft’s TechNet blog. We will update this post once we have more information about the patch.