Microsoft warns of zero-day hole in Internet Explorer
Microsoft has advised that a zero-day hole in Internet Explorer can be exploited to infect Windows PCs with malware. According to analyses by Symantec, attackers have already targeted company employees and attempted to compromise their PCs. The attacked employees received an email containing a link to a specially crafted web page.
At the end of last year, several companies, including Google, were infiltrated in a similar way by hackers who were thought to be Chinese (Aurora). Symantec has not provided any information about the originators of the new attacks. However, the specially crafted web page has since been taken off-line.
Versions 6, 7 and 8 of Internet Explorer are all said to be affected. IE version 9 beta is reportedly immune. The problem is caused by flawed processing routines for parsing certain Cascading Style Sheet combinations in HTML documents. This allows attackers to manipulate certain pointers and execute injected code at the user's privilege level. Microsoft say they are working on a bug fix, but don't currently see any reason for an emergency patch – presumably because the exploit hasn't become publicly available, and because the number of attacks is too small.
Until a patch has been released, Microsoft recommend that users enable the Data Execution Prevention (DEP) feature for Internet Explorer under Windows 7, Vista or XP. According to Microsoft, this feature is only enabled by default in Internet Explorer 8. The simplest way to enable DEP in Internet Explorer 7 is to download and run a fix-it tool Microsoft has provided. A fix-it tool has also been released for users running Internet Explorer 6 to enable or disable the user-defined CSS workaround. While most users should have upgraded to a version later than IE6, it's still in use in various places.
The DEP feature and other protective mechanisms available under Windows can also be enabled via the Enhanced Mitigation Experience Toolkit (EMET). The article "Damage limitation - Mitigating exploits with Microsoft's EMET" at The H Security explains how this tool works and how to use it.