Protect Yourself Against Exploit Targeting New IE Zero-Day Vulnerability
News of an exploit being used to target a zero-day vulnerability in Internet Explorer (BID 37815) was announced on Thursday, January 14th. According to Microsoft, the vulnerability affects Internet Explorer 6, 7, and 8, which together make up the bulk of the versions used today. Reports, however, have confirmed that only Internet Explorer 6 has been targeted so far and the exploit has only been seen in targeted attacks. Since the exploit code has been made public and is available for anyone to download (and use to make attacks), it is highly likely we will see it being used in more Web-based attacks.
In this security issue Internet Explorer is prone to a remote code-execution vulnerability. This means that attackers can use exploit code to execute malicious code on a victim's computer and then compromise the computer. If you are using Internet Explorer 6, 7, or 8 you may be affected until such time as you take preventative measures.
No patch is currently available from Microsoft. If using another browser is not an option for you, Microsoft provides a few workarounds on its security advisory.
If you are using Symantec or Norton products you are already protected against attacks that leverage this vulnerability and are safe to continue using IE.
- Symantec has released IPS signature HTTP MSIE Memory Corruption Code Exec (23599) to block this particular exploit. Signatures for all products, except Symantec Network Security, are currently available; signatures for SNS will follow shortly.
- Symantec has also released an AV Signature (Trojan.Hydraq) for some of the targeted malware samples we have seen using this vulnerability exploit.
Both signatures should be automatically downloaded to all products via LiveUpdate. They can also be manually downloaded from the Security Response Web site.
Be proactive and secure your computer before the exploit becomes mainstream on malicious Web sites.
Update: Microsoft has announced that they are going to release an out-of-cycle patch for this vulnerability on January 21st, 2010 at around 10:00 am Pacific Standard Time.