Rushed Response to Explorer Flaw

Microsoft has rushed out a workaround for a zero-day exploit affecting the Internet Explorer web browser.

In Security Advisory 2488013, Microsoft warned users of a new publicly-disclosed vulnerability in Internet Explorer (IE).

On its TechNet blog, Microsoft said, "This vulnerability affects all versions of IE. Exploiting this vulnerability could lead to unauthorised remote code execution inside the iexplore.exe process."

Microsoft said that the Metasploit open source penetration testing project published an exploit for the vulnerability using a known technique to evade ASLR (Address Space Layout Randomization) and bypass DEP (Data Execution Prevention) which are used to prevent rogue code from contaminating IE.

IE uses dynamic linked libraries (DLLs) to render certain types of internet content. Some of these support ASLR and cannot be attacked, but IE allows non ASLR DLLs to run. These DLLs run in specific memory locations and can be targeted by hackers.

According to Paul Ducklin, head of technology at Sophos, a good work-around is to use Microsoft's Enhanced Mitigation Experience Toolkit (EMET).

"With this tool, you can force named applications to perform ASLR on every DLL they load, whether the DLL wants it or not. This makes it very much less likely that a remote exploit based on hard-wired addresses will succeed," he wrote on the NakedSecurity blog.

print this article

Return to security news headlines
View Security News Archive

Share with: