April 26, 2014

Internet Explorer Threat Update

Microsoft has published Security Advisory 2963983 on April 26th 2014.

This Advisory is related to a vulnerability that was discovered in Internet Explorer, versions 6 through 11.

This vulnerability is present in nearly all versions of Internet Explorer, regardless of the Windows OS Version that is in use.

The vulnerability (CVE-2014-1776) exploits a bug in Adobe Flash that allows an attacker to execute malicious commands and potentially compromise an unsuspecting user.

Please note that now that Windows XP is no longer supported by Microsoft, it is not clear if Microsoft will officially release this patch for Internet Explorer on Windows XP.

The Herjavec Group is currently monitoring the situation closely, and as information is released, may provide an official document, as we have in the past.

For the time being, please ensure that any of the below mitigation techniques are in use, in order to protect yourself from this vulnerability.

1 – Deploy the Enhanced Mitigation Experience Toolkit 4.1 or Greater

  • Both Microsoft and FireEye confirm that the vulnerability is no longer exploitable when the default configuration of EMET 4.1/5.0 is used

2 – Block ActiveX Controls and Active Scripting in Internet Explorer’s “Local Intranet” and “Internet” zones

  • Please be aware that this will block ActiveX and Scripting within sessions that are classified as Local Intranet or Internet, however it is possible to whitelist websites by adding them to the Trusted Sites zone

3 – Ensure that Enhanced Protected Mode or Enhanced Security Configuration is enabled

  • Enhanced Protected Mode was introduced in IE version 10 and is enabled by Default in Internet Explorer 10 and above
  • Enhanced Security Configuration is enabled by default in Internet Explorer on Windows Server 2003, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, and Windows Server 2012 R2

4 – Disable the Adobe Flash plugin within IE

  • FireEye has confirmed that disabling the Adobe Flash plugin within Internet Explorer, will prevent the exploit from functioning. This of course will prevent any other Applications that use Adobe Flash, from working properly

5 – Use an Alternative Browser

  • This vulnerability is only present in Internet Explorer at this time

Sources:

To download Internet Explorer PDF click here.




*By selecting one of the communications above, you consent to Herjavec Group
sending commercial electronic messages to you for marketing purposes,
including information about the products, services and events selected.