Threat Bulletin: Microsoft IE Zero-Day Vulnerability and Exploit

<p>A new proof-of-concept exploit was posted on BugTraq over the weekend that targets a zero-day vulnerability in Internet Explorer. Symantec Security Response has confirmed that the exploit affects both IE 6 and 7 on Windows XP and Vista platforms, but there are possibilities that other versions of IE and Windows may also be affected. The exploit in its current form exhibits inconsistent behaviour in tests conducted by the Response team, however a fully-functional exploit can be expected to follow.</p>
<p>For the attacker to launch a successful attack, they need to lure the victim to a malicious Web page or website they have compromised. The exploit also requires JavaScript to exploit Internet Explorer. The exploit targets a vulnerability in the way IE uses the Cascading Style Sheets (CSS) information. CSS is used in many Web pages to define the presentation of the site’s content.</p>
<p>Symantec detects the exploit with the Bloodhound.Exploit.129 signature, HTTP Microsoft IE Generic Heap Spray BO and HTTP Malicious JavaScript Heap Spray BO IPS signatures. It is anticipated that this exploit will be developed further, therefore new signatures specifically for this exploit are also being created.</p>
<p>Mitigation for consumer users:</p>
<p>To minimise the chances of being affected by this issue, Internet Explorer users should ensure their antivirus definitions are up to date, disable JavaScript and only visit websites they trust until fixes are available from Microsoft.
Mitigation for enterprise users:</p>
<p>Run all software as a non-privileged user with minimal access rights</p>
<p>Deploy network intrusion detection systems to monitor network traffic for malicious activity</p>
<p>Do not follow links provided by unknown or untrusted sources</p>
<p>Set web browser security to disable the execution of script code or active content</p>
<p>Implement multiple redundant layers of security</p>
<p>Please let me know if you would like to speak with a Symantec security expert about this threat and what computer users can do to prevent falling victim to this attack.</p>
<p>Press Contacts:</p>
<p>Jasmin Athwal</p>
<p>Max Australia</p>
<p>+61 2 9954 3492</p>
<p>Jasmin.Athwal@maxaustralia.com.au</p>
<p>Debbie Sassine</p>
<p>Symantec</p>
<p>+61 2 8220 7158</p>
<p>Debbie_Sassine@symantec.com</p>

• Got more on this story? Email Computerworld
• Follow Computerworld on twitter