New IE zero-day first to leave Windows XP exposed, unprotected

New IE zero-day first to leave Windows XP exposed, unprotected

Microsoft is trying to gauge the seriousness of a zero-day flaw in all Internet Explorer browsers from versions 6 through 11 and whether it warrants issuing an out-of-band fix before May's Patch Tuesday.

The vulnerability, which is being exploited in the wild, allows remote code execution within the browser and could be carried out by luring users to specially crafted Web pages. It then enables attackers to assume the same privileges as the current user.

+ Also on Network World: Secure browsers offer alternatives to Chrome, IE and Firefox | Best browsers for safe surfing +

While Microsoft investigates, it recommends that users deploy its Enhanced Mitigation Experience Toolkit (EMET) 4.1, whose default setting helps protect IE. EMET can be configured using group policy.

It also recommends blocking Active X Controls and Active Scripting by setting IE security zone settings to "high." This may cause some Web sites to behave incorrectly. "If you have difficulty using a website after you change this setting, and you are sure the site is safe to use, you can add that site to your list of trusted sites," Microsoft says. "This will allow the site to work correctly even with the security setting set to High."

According to Ross Barrett, a security engineer at Rapid7, the known exploit relies on Adobe Flash. "Disabling or removing flash will block the known exploit, but does not address the root cause issue in Internet Explorer," he says in a blog post.

He notes that this is the first major issue to hit Windows XP since Microsoft stopped supporting the operating system April 8. The Microsoft security advisory doesn't mention XP as an affected system since the company no longer provides security updates for it.

There are some mitigating factors surrounding the vulnerability, Microsoft says, including that some default-mode configurations that may lessen the threat it poses. Microsoft says:

  • By default, Internet Explorer on Windows Server 2003, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, and Windows Server 2012 R2 runs in a restricted mode that is known as Enhanced Security Configuration. This mode mitigates this vulnerability.
  • By default, all supported versions of Microsoft Outlook, Microsoft Outlook Express, and Windows Mail open HTML email messages in the Restricted sites zone. The Restricted sites zone, which disables script and ActiveX controls, helps reduce the risk of an attacker being able to use this vulnerability to execute malicious code. If a user clicks a link in an email message, the user could still be vulnerable to exploitation of this vulnerability through the web-based attack scenario.
  • An attacker who successfully exploited this vulnerability could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
  • In a web-based attack scenario, an attacker could host a website that contains a webpage that is used to exploit this vulnerability. In addition, compromised websites and websites that accept or host user-provided content or advertisements could contain specially crafted content that could exploit this vulnerability. In all cases, however, an attacker would have no way to force users to visit these websites. Instead, an attacker would have to convince users to visit the website, typically by getting them to click a link in an email message or Instant Messenger message that takes users to the attacker's website.

Tim Greene covers Microsoft and unified communications for Network World and writes the Mostly Microsoft blog. Reach him at and follow him on Twitter @Tim_Greene.

Read more about wide area network in Network World's Wide Area Network section.

Follow Us

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags MicrosoftFirefoxWide Area Network



The making of an MSSP: a blueprint for growth in NZ

The making of an MSSP: a blueprint for growth in NZ

Partners are actively building out security practices and services to match, yet remain challenged by a lack of guidance in the market. This exclusive Reseller News Roundtable - in association with Sophos - assessed the making of an MSSP, outlining the blueprint for growth and how partners can differentiate in New Zealand.

The making of an MSSP: a blueprint for growth in NZ
Reseller News Platinum Club celebrates leading partners in 2018

Reseller News Platinum Club celebrates leading partners in 2018

The leading players of the New Zealand channel came together to celebrate a year of achievement at the inaugural Reseller News Platinum Club lunch in Auckland. Following the Reseller News Innovation Awards, Platinum Club provides a platform to showcase the top performing partners and start-ups of the past 12 months, with more than ​​50 organisations in the spotlight.​​​

Reseller News Platinum Club celebrates leading partners in 2018
Meet the top performing HP partners in NZ

Meet the top performing HP partners in NZ

HP has honoured its leading partners in New Zealand during 2018, following 12 months of growth through the local channel. Unveiled during the fourth running of the ceremony in Auckland, the awards recognise and celebrate excellence, growth, consistency and engagement of standout Kiwi partners.

Meet the top performing HP partners in NZ
Show Comments