Attack: IE Zero Day

Friday, June 15, 2012 @ 02:06 PM gHale


In separate missives, Microsoft and Google are warning users about a new Internet Explorer zero day an attacker can use to break into GMail accounts.

The currently unpatched browser flaw exposes Windows users to remote code execution attacks with little or no user action.

Microsoft’s advisory speaks of “active attacks” and follows a separate note from Google that references the IE flaw “being actively exploited in the wild for targeted attacks.”

A source close to these investigations confirms these attacks prompted Google’s decision to warn GMail users about “state-sponsored attackers.”

On Twitter, users have reported seeing the message atop their GMail inboxes.

Microsoft’s explanation:
“The vulnerability could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker would have no way to force users to visit such a website. Instead, an attacker would have to convince users to visit the website, typically by getting them to click a link in an email message or Instant Messenger message that takes them to the attacker’s website. The vulnerability affects all supported releases of Microsoft Windows, and all supported editions of Microsoft Office 2003 and Microsoft Office 2007.

“The vulnerability exists when MSXML attempts to access an object in memory that has not been initialized, which may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the logged-on user.”

In the absence of a patch, Microsoft shipped a “Fix-It” tool that blocks the attack vector for this vulnerability.

Microsoft also recommended Windows users deploy the Enhanced Mitigation Experience Toolkit (EMET), which helps prevent successful exploitation of vulnerabilities in software.

Internet Explorer users can also configure the browser to prompt before running Active Scripting, or disable Active Scripting, in the Internet and Local intranet security zones.
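The Active Scripting workaround above can be audited and applied per user from PowerShell; this is an added example, not code from the article or from Microsoft's advisory. It assumes the standard Internet Explorer zone layout in the registry (zone 1 = Local intranet, zone 3 = Internet, URL action 1400 = Active Scripting, values 0 = Enable, 1 = Prompt, 3 = Disable); the `-Mode` and `-Apply` parameters are this example's own.

```powershell
param(
    [ValidateSet('Prompt', 'Disable')] [string]$Mode = 'Prompt',
    [switch]$Apply    # report only unless -Apply is given
)

$Action = '1400'      # zone URL action for Active Scripting
$Label  = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }
$Target = if ($Mode -eq 'Disable') { 3 } else { 1 }
$Zones  = [ordered]@{ '1' = 'Local intranet'; '3' = 'Internet' }
$Rel    = 'Microsoft\Windows\CurrentVersion\Internet Settings\Zones'

# Returns the DWORD stored for Active Scripting, or nothing if it is unset.
function Get-ZoneValue([string]$Root, [string]$Zone) {
    $key  = Join-Path (Join-Path $Root $Rel) $Zone
    $item = Get-ItemProperty -Path $key -Name $Action -ErrorAction SilentlyContinue
    if ($null -ne $item) { [int]$item.$Action }
}

foreach ($zone in $Zones.Keys) {
    $current = Get-ZoneValue 'HKCU:\Software' $zone
    $shown   = if ($null -eq $current) { 'not set' } else { "$($Label[$current]) ($current)" }
    Write-Output ("{0,-15} Active Scripting: {1}" -f $Zones[$zone], $shown)

    # A Group Policy value for the same zone takes precedence over the per-user one.
    foreach ($root in 'HKLM:\Software\Policies', 'HKCU:\Software\Policies') {
        $policy = Get-ZoneValue $root $zone
        if ($null -ne $policy) {
            Write-Warning "$($Zones[$zone]): policy under $root sets value $policy"
        }
    }

    # Only tighten (0 -> 1 -> 3); never relax a stricter existing value.
    if ($Apply -and ($null -eq $current -or $current -lt $Target)) {
        $key = Join-Path (Join-Path 'HKCU:\Software' $Rel) $zone
        if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
        Set-ItemProperty -Path $key -Name $Action -Value $Target -Type DWord
        Write-Output ("{0,-15} set to {1} ({2})" -f $Zones[$zone], $Mode, $Target)
    }
}
```

The change is written under HKCU, so it covers only the account that runs the script; a value reported as "not set" means the zone's built-in default applies.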
