A new zero day vulnerability that allows for remote execution of malicious code through Internet Explorer 6-11 is currently being exploited in the wild. Infection can occur simply by browsing to a malicious website.
How to Stay Protected
Zero day CVE-2014-1776 currently affects Internet Explorer, versions 6-11. Over 26% of Internet users utilize one of these browsers. If this includes you, your computer is vulnerable to remote execution of malicious code. Microsoft has yet to release an official fix for CVE-2014-1776, but if you are affected there are still a number of things you can do.
- Download Microsoft’s Enhanced Mitigation Experience Toolkit (EMET).
- Activate “Enhanced Protected Mode” in Internet Options (available in IE 10 and IE 11 only).
- Disable Internet Explorer’s Flash plugin.
- Switch to a different Internet browser entirely.
- Use Internet security software that protects your computer from malicious websites, such as the Emsisoft Internet Security pack.
Any one of these actions will protect you from becoming the victim of a zero day attack.
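An added example, not from Emsisoft or Microsoft: a read-only PowerShell check that reports which of the mitigations listed above are in place on a machine. The registry locations it reads (the IE version values, the Isolation setting for Enhanced Protected Mode, the Flash ActiveX entries and the EMET key) are assumptions based on commonly documented Internet Explorer settings, not details from this article.

```powershell
# Added example: read-only audit of the mitigations in the list above.
# Registry locations are assumptions (not from the article); nothing is modified.
$FlashClsid = '{D27CDB6E-AE6D-11CF-96B8-444553540000}'  # Shockwave Flash ActiveX control

function Get-RegValue([string]$Path, [string]$Name) {
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($item) { $item.$Name } else { $null }
}

function Get-IEMajorVersion {
    $key = 'HKLM:\SOFTWARE\Microsoft\Internet Explorer'
    # IE 10 and 11 report their real version in svcVersion; older builds only have Version.
    $v = Get-RegValue $key 'svcVersion'
    if (-not $v) { $v = Get-RegValue $key 'Version' }
    if ($v) { [int](($v -split '\.')[0]) } else { $null }
}

function Test-EnhancedProtectedMode {
    # A Group Policy value takes precedence over the per-user one; 'PMEM' means EPM is on.
    foreach ($p in 'HKLM:\SOFTWARE\Policies\Microsoft\Internet Explorer\Main',
                   'HKCU:\Software\Microsoft\Internet Explorer\Main') {
        $iso = Get-RegValue $p 'Isolation'
        if ($iso) { return ($iso -eq 'PMEM') }
    }
    return $false
}

function Test-FlashBlocked {
    # Kill bit 0x400 blocks the control machine-wide. 32-bit IE on 64-bit Windows
    # reads it from the Wow6432Node view, so every view that exists must have it set.
    $views = 'HKLM:\SOFTWARE', 'HKLM:\SOFTWARE\Wow6432Node' | Where-Object { Test-Path $_ }
    $unkilled = $views | Where-Object {
        $f = Get-RegValue "$_\Microsoft\Internet Explorer\ActiveX Compatibility\$FlashClsid" 'Compatibility Flags'
        ($f -band 0x400) -eq 0
    }
    # Flags = 1 is the per-user "Disabled" state set from Manage Add-ons.
    $ext = Get-RegValue "HKCU:\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\$FlashClsid" 'Flags'
    (-not $unkilled) -or ($ext -eq 1)
}

$ie  = Get-IEMajorVersion
$epm = 'n/a (IE 10 and 11 only)'
if ($ie -ge 10) { $epm = Test-EnhancedProtectedMode }

New-Object PSObject -Property @{
    IEMajorVersion  = $ie
    InAffectedRange = ($ie -ge 6 -and $ie -le 11)
    EPMEnabled      = $epm
    FlashBlocked    = (Test-FlashBlocked)
    EMETInstalled   = (Test-Path 'HKLM:\SOFTWARE\Microsoft\EMET')
}
```

The EMET line only shows that the toolkit is installed, not that Internet Explorer has been added to its protected applications.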
Details About this Threat
Microsoft released an official statement on CVE-2014-1776 this Sunday. The statement contains detailed threat mitigation steps and also acknowledges researchers at FireEye for discovering the vulnerability’s usage in active, in-the-wild, targeted attacks against users running IE 9-11.
Research indicates that CVE-2014-1776, otherwise known as “Operation Clandestine Fox,” utilizes vector markup language in Adobe Flash to bypass address space layout randomization (ASLR) and data execution prevention (DEP) in order to allow attackers to infect their targets with malware. ASLR and DEP are specifically included in Internet Explorer as security measures; however, this is not the first time they have been bypassed via Flash. In fact, the technique was recently used in a February zero day known as Operation GreedyWonk.
Additionally, research indicates that Operation Clandestine Fox is part of a larger malware campaign instigated by what is called an Advanced Persistent Threat group, or APT. APTs use malware to specifically target governments or financial institutions. As yet, Clandestine Fox has only been observed in a few targeted attacks against such targets; however, copycat campaigns against everyday Internet users are likely to emerge in the coming days. For this reason, Emsisoft recommends taking one of the steps listed above immediately to stay protected. Users who require help are encouraged to contact our experts at Emsisoft Support for free technical assistance.
Users running Windows XP should also note that this is the first major vulnerability to affect the operating system that will never be patched.
Have a Great (Zero-Free) Day!
Update: Microsoft Issues Emergency Patch, Even for XP