Menu
New IE zero-day first to leave Windows XP exposed, unprotected

New IE zero-day first to leave Windows XP exposed, unprotected

Microsoft is trying to gauge the seriousness of a zero-day flaw in all Internet Explorer browsers from versions 6 through 11 and whether it warrants issuing an out-of-band fix before May's Patch Tuesday.

The vulnerability, which is being exploited in the wild, allows remote code execution within the browser and could be carried out by luring users to specially crafted Web pages. It then enables attackers to assume the same privileges as the current user.

+ Also on Network World: Secure browsers offer alternatives to Chrome, IE and Firefox | Best browsers for safe surfing +

While Microsoft investigates, it recommends that users deploy its Enhanced Mitigation Experience Toolkit (EMET) 4.1, whose default setting helps protect IE. EMET can be configured using group policy.

It also recommends blocking Active X Controls and Active Scripting by setting IE security zone settings to "high." This may cause some Web sites to behave incorrectly. "If you have difficulty using a website after you change this setting, and you are sure the site is safe to use, you can add that site to your list of trusted sites," Microsoft says. "This will allow the site to work correctly even with the security setting set to High."

According to Ross Barrett, a security engineer at Rapid7, the known exploit relies on Adobe Flash. "Disabling or removing flash will block the known exploit, but does not address the root cause issue in Internet Explorer," he says in a blog post.

He notes that this is the first major issue to hit Windows XP since Microsoft stopped supporting the operating system April 8. The Microsoft security advisory doesn't mention XP as an affected system since the company no longer provides security updates for it.

There are some mitigating factors surrounding the vulnerability, Microsoft says, including that some default-mode configurations that may lessen the threat it poses. Microsoft says:

  • By default, Internet Explorer on Windows Server 2003, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, and Windows Server 2012 R2 runs in a restricted mode that is known as Enhanced Security Configuration. This mode mitigates this vulnerability.
  • By default, all supported versions of Microsoft Outlook, Microsoft Outlook Express, and Windows Mail open HTML email messages in the Restricted sites zone. The Restricted sites zone, which disables script and ActiveX controls, helps reduce the risk of an attacker being able to use this vulnerability to execute malicious code. If a user clicks a link in an email message, the user could still be vulnerable to exploitation of this vulnerability through the web-based attack scenario.
  • An attacker who successfully exploited this vulnerability could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
  • In a web-based attack scenario, an attacker could host a website that contains a webpage that is used to exploit this vulnerability. In addition, compromised websites and websites that accept or host user-provided content or advertisements could contain specially crafted content that could exploit this vulnerability. In all cases, however, an attacker would have no way to force users to visit these websites. Instead, an attacker would have to convince users to visit the website, typically by getting them to click a link in an email message or Instant Messenger message that takes users to the attacker's website.

Tim Greene covers Microsoft and unified communications for Network World and writes the Mostly Microsoft blog. Reach him at tgreene@nww.com and follow him on Twitter @Tim_Greene.

Read more about wide area network in Network World's Wide Area Network section.


Follow Us

Join the newsletter!

Error: Please check your email address.

Tags securityMicrosoftFirefoxWide Area Network

Featured

Slideshows

Looking back at the top 15 M&A deals in NZ during 2017

Looking back at the top 15 M&A deals in NZ during 2017

In 2017, merger and acquisitions fever reached new heights in New Zealand, with a host of big name deals dominating the headlines. Reseller News recaps the most important transactions of the Kiwi channel during the past 12 months.

Looking back at the top 15 M&A deals in NZ during 2017
Kiwi channel closes 2017 with After Hours

Kiwi channel closes 2017 with After Hours

The channel in New Zealand came together to celebrate the close of 2017, as the final After Hours played out in front of a bumper Auckland crowd.

Kiwi channel closes 2017 with After Hours
Meet the top performing HP partners in NZ

Meet the top performing HP partners in NZ

HP honoured leading partners across the channel at the Partner Awards 2017 in New Zealand, recognising excellence across the entire print and personal systems portfolio.

Meet the top performing HP partners in NZ
Show Comments