Menu
New IE zero-day first to leave Windows XP exposed, unprotected

New IE zero-day first to leave Windows XP exposed, unprotected

Microsoft is trying to gauge the seriousness of a zero-day flaw in all Internet Explorer browsers from versions 6 through 11 and whether it warrants issuing an out-of-band fix before May's Patch Tuesday.

The vulnerability, which is being exploited in the wild, allows remote code execution within the browser and could be carried out by luring users to specially crafted Web pages. It then enables attackers to assume the same privileges as the current user.

+ Also on Network World: Secure browsers offer alternatives to Chrome, IE and Firefox | Best browsers for safe surfing +

While Microsoft investigates, it recommends that users deploy its Enhanced Mitigation Experience Toolkit (EMET) 4.1, whose default setting helps protect IE. EMET can be configured using group policy.

It also recommends blocking Active X Controls and Active Scripting by setting IE security zone settings to "high." This may cause some Web sites to behave incorrectly. "If you have difficulty using a website after you change this setting, and you are sure the site is safe to use, you can add that site to your list of trusted sites," Microsoft says. "This will allow the site to work correctly even with the security setting set to High."

According to Ross Barrett, a security engineer at Rapid7, the known exploit relies on Adobe Flash. "Disabling or removing flash will block the known exploit, but does not address the root cause issue in Internet Explorer," he says in a blog post.

He notes that this is the first major issue to hit Windows XP since Microsoft stopped supporting the operating system April 8. The Microsoft security advisory doesn't mention XP as an affected system since the company no longer provides security updates for it.

There are some mitigating factors surrounding the vulnerability, Microsoft says, including that some default-mode configurations that may lessen the threat it poses. Microsoft says:

  • By default, Internet Explorer on Windows Server 2003, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, and Windows Server 2012 R2 runs in a restricted mode that is known as Enhanced Security Configuration. This mode mitigates this vulnerability.
  • By default, all supported versions of Microsoft Outlook, Microsoft Outlook Express, and Windows Mail open HTML email messages in the Restricted sites zone. The Restricted sites zone, which disables script and ActiveX controls, helps reduce the risk of an attacker being able to use this vulnerability to execute malicious code. If a user clicks a link in an email message, the user could still be vulnerable to exploitation of this vulnerability through the web-based attack scenario.
  • An attacker who successfully exploited this vulnerability could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
  • In a web-based attack scenario, an attacker could host a website that contains a webpage that is used to exploit this vulnerability. In addition, compromised websites and websites that accept or host user-provided content or advertisements could contain specially crafted content that could exploit this vulnerability. In all cases, however, an attacker would have no way to force users to visit these websites. Instead, an attacker would have to convince users to visit the website, typically by getting them to click a link in an email message or Instant Messenger message that takes users to the attacker's website.

Tim Greene covers Microsoft and unified communications for Network World and writes the Mostly Microsoft blog. Reach him at tgreene@nww.com and follow him on Twitter @Tim_Greene.

Read more about wide area network in Network World's Wide Area Network section.


Follow Us

Join the New Zealand Reseller News newsletter!

Error: Please check your email address.

Tags FirefoxMicrosoftsecurityWide Area Network

Featured

Slideshows

Consegna comes to town with AWS cloud offerings launch in Auckland

Consegna comes to town with AWS cloud offerings launch in Auckland

Emerging start-up Consegna has officially launched its cloud offerings in the New Zealand market, through a kick-off event held at Seafarers Building in Auckland.​ Founded in June 2016, the Auckland-based business is backed by AWS and supported by a global team of cloud specialists, leveraging global managed services partnerships with Rackspace locally.

Consegna comes to town with AWS cloud offerings launch in Auckland
Veritas honours top performing trans-Tasman partners

Veritas honours top performing trans-Tasman partners

Veritas honoured its top performing partners across the channel in Australia and New Zealand, recognising innovation and excellence on both sides of the Tasman. Revealed under the Vivid lights in Sydney, Intalock claimed the coveted Partner of the Year 2017 (Pacific) award, with Data#3 acknowledged for 12 months of strong growth across the market. Meanwhile, Datacom took home the New Zealand honours, with Global Storage and Insentra winning service provider and consulting awards respectively. Dicker Data was recognised as the standout distributor of the year, while Hitachi Data Systems claimed the alliance partner award. Photos by Bob Seary.

Veritas honours top performing trans-Tasman partners
An Evening With Eugene Kaspersky for Kiwi partners in Auckland

An Evening With Eugene Kaspersky for Kiwi partners in Auckland

​New Zealand partners came together for An Evening With Eugene Kaspersky in Auckland, an invitation only event as part of Kaspersky Lab Partner Engage. Following an evening of insights and executive networking with the founder of Kaspersky Lab, Eugene Kaspersky, Kiwi partners got up close and personal with Eugene in an unprecedented​ panel discussion. Facilitated by Reseller News, this panel explored channel relationships, successful business strategies, and the latest ground breaking technologies to impact the security market. Photos by Maria Stefina.

An Evening With Eugene Kaspersky for Kiwi partners in Auckland
Show Comments