Microsoft confirms workarounds for Internet Explorer's major vulnerability

Microsoft had previously issued a security advisory warning those who use IE 6, and users that don't have Enhanced Protected Mode turned on (IE 10 and 11), of a potential security threat that could compromise the end user. Microsoft believes the attacks are limited, and only work if the victim is targeted and hasn't installed Enhanced Mitigation Experience Toolkit 4.1 or EMET 5.0.

The vulnerability occurs when Internet Explorer attempts to access a deleted or not properly allocated area of memory. The corrupt data allows the attacker to gain the same user rights as the victim, before executing arbitrary code to visit malicious websites or cause other damage.

Upon discovering the vulnerability, Microsoft has responded swiftly and stated how they plan to protect their users. The updated advisory offers some clarity on the security threat, stating that if the user is logged on with administrative rights then the exploit could take control of their entire system. The revision reiterates that the victim must voluntarily click on the malicious website, thus making this exploit less widespread.

The article features a Microsoft statement, saying:

Microsoft will take the appropriate action to protect our customers, which may include providing a solution through our monthly security update release process, or an out-of-cycle security update, depending on customer needs.

The company also encourages users to check the Microsoft Safety & Security Center for help on further protection.

A number of workarounds can be applied to protect your computer, the primary one suggesting the installation of the Enhanced Mitigation Experience Toolkit mentioned earlier. There are a few other slightly more advanced procedures that involve the use of command prompt or changing internet security zone settings, but its good to see a quick response on behalf of Microsoft.

Check out the official security advisory update here.

Source: Microsoft | Image via Microsoft

Report a problem with article
Previous Story

Windows Phone head Joe Belfiore to hold Reddit AMA on Friday

Next Story

WWE Network Xbox One app now available for download

29 Comments

View more comments

2 reasons:

FF is on decline, while IE remains king, unless you believe the inflated statcounter stats which attribute pre-cache hits as visits from chrome browsers. IE is just big and used a lot more than anything out there.

second is simply the typical anti-ms bias from a generation that is dying off (basically if you're an early millennial or older, you remember MSFT as the evil corporation that must die). today apple has taken that place. but the bloggers and writers need to be pushed off by the crowd that finds apple tasteless and MSFT innocent.

Voice of Buddy Christ said,
Which one is an integral part of Windows?

Oh goodie, I should have used Konqueror and Safari as examples to prevent trolling.

So again if your running as admin your gonna feel this, if you also happen to visit an affected website.

Ok so standard rules apply, don't run as admin and don't be easy clicky.

Forjo said,
And don't disable Enhanced Protection Mode.

Enhanced Protection Mode only applies to Windows 8. Windows 7 IE 11 has regular Protected Mode.

Luckily on windows 8 any account you setup after the initial account is not admin by default. Really there should be something within the initial setup explaining the need to have a separate admin account setup, but this would likely lead to mass problems (people forget what they don't use daily, and they'd just blame others for this).

Anyway, none of my kids run as admin on any device, I set them up and its done with. I also urge others to do the same (my friends and parents mainly), but some don't listen, guess who comes back the most for help?

Oh and this is also the main reason for users in a company having no privileges, despite what a lot of people think (that admin, he's a little Hitler, loves the power.,......as if I don't know what I'm doing on a computer, pah, I just wanted to install that codec so I could watch the football at dinner, Jesus!)

robertwnielsen said,

Enhanced Protection Mode only applies to Windows 8. Windows 7 IE 11 has regular Protected Mode.

According to Microsoft:

On x64-based Systems, Enable Enhanced Protected Mode for Internet Explorer 10; or Enable Enhanced Protected Mode and Enable 64-bit Processes for Enhanced Protected Mode for Internet Explorer 11
Internet Explorer 10 and Internet Explorer 11 users can help protect against exploitation of this vulnerability by changing the Advanced Security settings for Internet Explorer. You can do this by enabling Enhanced Protected Mode (EPM) settings in your browser. This security setting will help protect users of Internet Explorer 10 on Windows 7 for x64-based systems, Windows 8 for x64-based systems, and Windows RT, and Internet Explorer 11 on Windows 7 for x64-based systems, Windows 8.1 for x64-based systems, and Windows RT 8.1.

I don't have any more Windows 7 systems so I can't verify this, but the copy of IE 11 on my 2008R2 terminal server has it (and it's enabled) -- and 2008R2 is basically Windows 7 with server extensions.

Also note that the checkbox says "Enable Protected Mode" on both -- I'm not sure where "enhanced" is coming from.

Regardless of the specifics, there are simple mitigation steps for all versions -- even 9 under XP. As others have stated, simply switching browsers does not make one more secure.

Enhanced protected mode, is unique to Windows 8/8.1 (and server 2012/2012 R2), it is like regular protected mode with a few additional restrictions, basically the same as the metro apps sandbox but for IE on the desktop.

J_R_G said,
Enhanced protected mode, is unique to Windows 8/8.1 (and server 2012/2012 R2), it is like regular protected mode with a few additional restrictions, basically the same as the metro apps sandbox but for IE on the desktop.

Not according to Security Advisory from Microsoft.

Forjo said,

Not according to Security Advisory from Microsoft.

Yea I think you're right, MS calls x64 protected mode EPM in Windows 7, and in Windows 8 MS refers to the metro sandbox for IE as EPM. It's easy to get it confused, lol.

From what I've gleamed, if you're an Administrator, but have UAC on, then this vulnerability can't be used for anything more than user-level attacks. It says the rights of the user, which under UAC, is not Administrator-level unless elevated. Yes this can still do damage, but not the total destruction many in the MSM were alluding to.

duddit2 said,
Oh and this is also the main reason for users in a company having no privileges, despite what a lot of people think (that admin, he's a little Hitler, loves the power.,......as if I don't know what I'm doing on a computer, pah, I just wanted to install that codec so I could watch the football at dinner, Jesus!)

In my days as a sys admin, Hitler is one of the nicer things people threw at me.
And yes, most of them think they're pretty good with a computer, and refuse to understand conformity in the workplace regarding software, systems and security.

EPM is for Windows 8+ only, Windows 7 has only regular protected mode. EPM uses the metro apps sandbox for IE on the desktop, so it would not be possible to get in Windows 7 unless MS backports the metro apps security sandbox which wouldn't make much sense since there are no metro apps on Windows 7.

robertwnielsen said,
That's what I thought, J_R_G. :)

Actually someone corrected me above, EPM refers to IE in x64 mode on Windows 7, but refers to the metro sandbox on Windows 8. So just running x64 IE may stop this exploit, as you inferred. Not having used Windows 7 in so long, I forgot about this terminology discrepancy.

Why would anyone not use EMET?
Doesnt require any resources and protects your system from almost every exploit (in almost every application) known to man.

It almost seems to make an AV pointless as long as you don't fall in the social engineering traps :p

i dig the picture of this article, just as chicks dig giant robots...
is it official by microsoft or its just some fanart? it looks so professional, almost makes me wanna use IE

Commenting is disabled on this article.