On Saturday, April 26, 2014, Microsoft issued a security advisory warning users of a vulnerability in Internet Explorer that could allow “remote code execution.” The vulnerability affects all versions of the web browser: Internet Explorer 6, Internet Explorer 7, Internet Explorer 8, Internet Explorer 9, Internet Explorer 10, and Internet Explorer 11. As of this writing, Microsoft has not issued a patch to fix the Internet Explorer vulnerability. (We will update this page as soon as an official patch is issued.)

Update: Microsoft has issued a security update (Microsoft Security Bulletin MS14-021 – Critical) to address the issue.

Describing the details of the Internet Explorer vulnerability, the software giant stated:

The vulnerability is a remote code execution vulnerability. The vulnerability exists in the way that Internet Explorer accesses an object in memory that has been deleted or has not been properly allocated. The vulnerability may corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user within Internet Explorer. An attacker could host a specially crafted website that is designed to exploit this vulnerability through Internet Explorer and then convince a user to view the website.

Microsoft has yet to issue a patch for Internet Explorer to fix the security issue. Until then, it is safer for IE users to use another web browser.

Microsoft is investigating the issue and says that upon completion of its investigation it will take the proper action to protect its customers, which may include providing a solution through its monthly security update release process, or an out-of-cycle security update, depending on customer needs.

Internet Explorer Vulnerability Workarounds To Block The Attacks

Microsoft did issue a few workarounds that will help block the known attack vectors before a security update is available. The workarounds include setting the Internet and Local intranet security zone settings to “High” to block ActiveX controls and Active Scripting in these zones; configuring Internet Explorer to prompt before running Active Scripting, or disabling Active Scripting in the Internet and Local intranet security zones; deploying the Enhanced Mitigation Experience Toolkit 4.1; unregistering VGX.DLL; modifying the Access Control List on VGX.DLL to be more restrictive; and enabling Enhanced Protected Mode for Internet Explorer 11 along with 64-bit Processes for Enhanced Protected Mode. The details of applying each of these workarounds are on the official advisory page for the Internet Explorer vulnerability.

Are you still using Internet Explorer? Do you have anything to add to this post? Share it in the comments.

Source: Microsoft Security Advisory 2963983

Author

SK Mezanul Haque is the founder of MyTechGuide.org (popularly known as My Technology Guide). Passionate about all things in tech. Let's meet: Google Plus.
