Microsoft and Germany's BSI warn against using IE

Activating EMET is a simple matter. Click on 'Configure Apps' in the main window and add iexplore.exe with default settings The extent of the 0-day vulnerability in Microsoft's Internet Explorer web browser that was reported on Monday is greater than previously thought. In a security advisory published late yesterday evening, Microsoft revealed that the problem affects Internet Explorer 6 to 9 running under all currently supported Windows versions. Version 10 of IE, preinstalled under the company's upcoming Windows 8 operating system, is not affected. According to Microsoft, the vulnerability is a use-after-free problem, i.e. it occurs on accessing a previously deleted or incorrectly initialised memory object.

Readying a patch for the vulnerability could take the company some time. In its advisory, Microsoft has therefore provided a list of suggested workarounds, the most practical of which involves installing its Enhanced Mitigation Experience Toolkit (EMET) exploit blocker. EMET activates a range of security functions for individual processes to make it harder to exploit security vulnerabilities.

An alternative is to completely disable ActiveX and active scripting by setting security for the internet and local intranet zones to "High". This will, however, restrict the functionality of many web sites. In addition, Microsoft also suggests configuring IE so that it asks for permission before executing scripts – an equally impractical solution.

The German Federal Office for Information Security (BSI) has also issued a warning on the IE vulnerability, but recommends a somewhat different workaround to those suggested by Microsoft – using an alternative browser. It remains to be seen whether patching the vulnerability will have to wait for the next scheduled Patch Tuesday in October or whether an unscheduled patch will be released. Users running a vulnerable version of IE should deploy one of the above options as soon as possible. A module for the Metasploit attack framework is already in circulation, meaning that anyone could now exploit the vulnerability for their own ends.

See also:

• EMET exploit mitigation tool reports the cause of a crash, a report from The H.
• Damage limitation - Mitigating exploits with Microsoft's EMET, a feature from The H.

(crve)