Microsoft Confirms Internet Explorer Zero-day

Microsoft started to develop a new patch for a 0-day in all supported versions of Internet Explorer. The main impact of the vulnerability is remote code execution.

The new Microsoft security advisory 2488013 alert users that the vulnerability exists due to the creation of uninitialized memory during a CSS function within Internet Explorer. As a result it is possible under certain conditions for the memory to be leveraged by an attacker using a specially crafted Web page to gain remote code execution.

On the other side Metasploit , has released an exploit for the vulnerability using known techniques bypass ASLR (Address Space Layout Randomization) and bypass DEP (Data Execution Prevention), which are used to prevent execution of malicious code in IE.

According to Sophos, as a workaround it is possible to use Microsoft’s Enhanced Mitigation Experience Toolkit (EMET). With this tool, you can force named applications to perform ASLR on every DLL they load, whether the DLL wants it or not.

This makes it very much less likely that a remote exploit based on hard-wired addresses will succeed.

make sure you subscribe to my RSS feed!