As Microsoft scrambles to roll out a patch for the latest zero-day vulnerability in Internet Explorer, IT admins again find themselves in the unenviable position of coming up with a temporary fix to secure corporate systems. There are options -- dump IE, remove Java, or download Microsoft's Enhanced Mitigation Experience Toolkit -- but these approaches have potential drawbacks.
For those who missed the alert, on Monday Microsoft announced it was investigating reports of a vulnerability in IE6, IE7, IE8, and IE9 -- but not IE10 -- that affects the way the browser accesses objects that have been deleted or improperly allocated. According to reports, malicious hackers have been exploiting the vulnerability to install the Poison Ivy Trojan via drive-by download; the Trojan can be used to steal data or take remote control of PCs. Jaime Blasco, manager of AlienVault Labs, told Reuters that malicious hackers appear to be targeting defense contractors.
Some security experts -- as well as the German government's Federal Office for Information Security (BSI, for short) -- have advised users to temporarily stop using IE until Microsoft issues a patch, which is expected in the coming days. That may be a sensible approach for home users and some organizations, but for companies that rely on IE to access particular online resources, temporarily moving to Chrome or Firefox may not be a viable option. In an enterprise environment with hundreds or thousands of users, rolling out an alternative browser -- with the necessary configuration and compatibility testing -- may prove a bigger headache than it's worth if, indeed, a patch is forthcoming. To Microsoft's credit, it has a track record of rolling out patches for zero-day vulnerabilities expediently (that is, in days instead of weeks).
Microsoft, meanwhile, offered its own workaround: Deploy its Enhanced Mitigation Experience Toolkit (EMET), a utility designed to help prevent software vulnerabilities from successfully being exploited by applying in-box mitigations. The toolkit allows users to force applications to use one or both of two key security defenses built into Windows Vista and Windows 7: Address Space Layout Randomization (ASLR) and Data Execution Prevention (DEP), according to Krebs On Security. Microsoft provided detailed instructions on how to download and install EMET. The tool can be configured via command line or Group Policy.
Unfortunately, EMET may not be effective in preventing attacks that leverage this newfound vulnerability, according to Tod Beardsley, an engineering manager at security company Rapid7. The company has updated its Metasploit penetration-testing software so that security admins can use it to simulate attacks that exploit the security flaw to see whether their networks are vulnerable.