Internet Explorer Threat Update

April 26, 2014

Microsoft published Security Advisory 2963983 on April 26, 2014.

This Advisory is related to a vulnerability that was discovered in Internet Explorer, versions 6 through 11.

This vulnerability is present in nearly all versions of Internet Explorer, regardless of the Windows OS Version that is in use.

The vulnerability (CVE-2014-1776) exploits a bug in Adobe Flash that allows an attacker to execute malicious commands and potentially compromise an unsuspecting user.

Please note that now that Windows XP is no longer supported by Microsoft, it is not clear if Microsoft will officially release this patch for Internet Explorer on Windows XP.

The Herjavec Group is currently monitoring the situation closely, and as information is released, may provide an official document, as we have in the past.

For the time being, please ensure that at least one of the mitigation techniques below is in use to protect yourself from this vulnerability.

1 - Deploy the Enhanced Mitigation Experience Toolkit 4.1 or Greater

  • Both Microsoft and FireEye confirm that the vulnerability is no longer exploitable when the default configuration of EMET 4.1/5.0 is used

2 - Block ActiveX Controls and Active Scripting in Internet Explorer's "Local Intranet" and "Internet" zones

  • Please be aware that this will block ActiveX and Scripting within sessions that are classified as Local Intranet or Internet. It is possible, however, to whitelist websites by adding them to the Trusted Sites zone

3 - Ensure that Enhanced Protected Mode or Enhanced Security Configuration is enabled

  • Enhanced Protected Mode was introduced in IE version 10 and is enabled by default in Internet Explorer 10 and above
  • Enhanced Security Configuration is enabled by default in Internet Explorer on Windows Server 2003, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, and Windows Server 2012 R2

4 - Disable the Adobe Flash plugin within IE

  • FireEye has confirmed that disabling the Adobe Flash plugin within Internet Explorer will prevent the exploit from functioning. This will, of course, also prevent any other applications that use Adobe Flash from working properly

5 - Use an Alternative Browser

  • This vulnerability is only present in Internet Explorer at this time
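
One way to verify mitigation 2 on a workstation, as an added example that is not part of the original advisory: a read-only PowerShell audit of the Local Intranet and Internet zone settings for the current user. The function name Get-ZoneAction and the lookup order (machine policy, user policy, user preference) are assumptions of this example.

```powershell
# Added example: read-only audit of mitigation 2 for the current user.
# Zone numbers and action IDs are the documented IE URL-action values:
#   zone 1 = Local Intranet, zone 3 = Internet
#   1200 = Run ActiveX controls and plug-ins, 1400 = Active scripting
#   value 0 = enabled, 1 = prompt, 3 = disabled
$zones   = @{ 1 = 'Local Intranet'; 3 = 'Internet' }
$actions = @{ '1200' = 'Run ActiveX controls and plug-ins'; '1400' = 'Active scripting' }
$states  = @{ 0 = 'Enabled'; 1 = 'Prompt'; 3 = 'Disabled' }

# Assumed lookup order: machine policy, user policy, then the user's own preference.
$suffix = 'Microsoft\Windows\CurrentVersion\Internet Settings\Zones'
$hives = [ordered]@{
    'Machine policy'  = "HKLM:\Software\Policies\$suffix"
    'User policy'     = "HKCU:\Software\Policies\$suffix"
    'User preference' = "HKCU:\Software\$suffix"
}

# Hypothetical helper: returns the first configured value and where it came from.
function Get-ZoneAction([int]$Zone, [string]$Action) {
    foreach ($source in $hives.Keys) {
        $item = Get-ItemProperty -Path (Join-Path $hives[$source] $Zone) `
                    -Name $Action -ErrorAction SilentlyContinue
        if ($null -ne $item) {
            return [pscustomobject]@{ Source = $source; Value = [int]$item.$Action }
        }
    }
    return $null   # not set in any of the three locations
}

$report = foreach ($z in $zones.Keys | Sort-Object) {
    foreach ($a in $actions.Keys | Sort-Object) {
        $hit = Get-ZoneAction -Zone $z -Action $a
        $state = if ($null -eq $hit) { 'Not set' }
                 elseif ($states.ContainsKey($hit.Value)) { $states[$hit.Value] }
                 else { "Other ($($hit.Value))" }
        [pscustomobject]@{
            Zone    = $zones[$z]
            Setting = $actions[$a]
            State   = $state
            Source  = if ($hit) { $hit.Source } else { '-' }
            Blocked = ($state -eq 'Disabled')
        }
    }
}
$report | Format-Table -AutoSize
if ($report | Where-Object { -not $_.Blocked }) {
    Write-Warning 'Mitigation 2 is not fully applied for this user.'
}
```

Only a State of Disabled counts as blocked here; Prompt still lets the user allow the control or script.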

