Channel: ISOC » Advisory

Security Flaw in Internet Explorer


Date: 4/27/14

 
Source: BGR, FireEye, Threatpost

 
Description: On Sunday, Microsoft announced the discovery of a new zero-day vulnerability. The alert level is heightened because it is being used by known APT groups (bad guys). Microsoft issued an advisory (CVE-2014-1776). The vulnerability is a remote code execution vulnerability. An attacker could host a specially crafted website, or an advertisement within a website, that is designed to exploit this vulnerability. An attacker who successfully exploits this vulnerability could gain the same user rights as the current user.

 
Impacted Users:

  • Windows XP Users are at high risk since XP is no longer supported and many of the affected versions of IE will run on XP.
  • People with administrative privileges on systems would be more impacted than those without.

Windows Servers 2003, 20, 2008 R2, 2012, 2012 R2 run in restricted mode and this mode effectively mitigates the vulnerability.

 
Prevention and Mitigation Procedures:  In order to exploit this vulnerability, one must visit a corrupted webpage. Please use heightened awareness around any links you click on in email and also which websites you browse.
There is no patch available yet. (9:01AM Monday) As soon as one becomes available, patch your system. If you have other browsers available to you (Firefox, Chrome, Safari), you might want to utilize those this week, or until the patch is applied to IE.
Technically, one could use EMET 4.1 or set the Internet and Local Intranet security zone settings to “High”. This will block ActiveX and Active Scripting, which the exploit requires.
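
To confirm the zone setting on a workstation, the following read-only PowerShell audit (an added example, not part of the original advisory) checks the current user's Internet and Local Intranet zones for the "High" level and for disabled ActiveX and Active Scripting. It assumes per-user settings under HKCU; Group Policy can override these values and is not inspected here.

```powershell
# Added example: read-only audit of the current user's IE security zones
# against the "High" mitigation described in the advisory.
# Assumption: settings live under HKCU; policy-enforced values are not checked.
$zonesRoot = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones'
$zones     = @{ 1 = 'Local intranet'; 3 = 'Internet' }   # zone IDs used by IE
$highLevel = 0x12000        # CurrentLevel value of the "High" template
$disabled  = 3              # URL action policy: 0 = enable, 1 = prompt, 3 = disable
$actions   = @{
    '1200' = 'Run ActiveX controls and plug-ins'
    '1400' = 'Active scripting'
}

function Test-ZoneHardening {
    param([int]$ZoneId, [string]$ZoneName)

    $key = Join-Path $zonesRoot $ZoneId
    if (-not (Test-Path $key)) {
        # No per-user key for this zone: report it rather than assume a default.
        return [pscustomobject]@{ Zone = $ZoneName; Setting = 'zone key'; Value = 'missing'; Ok = $false }
    }
    $props = Get-ItemProperty -Path $key

    # Overall slider position for the zone.
    $level = $props.CurrentLevel
    $shown = if ($null -eq $level) { 'not set' } else { '0x{0:X}' -f $level }
    [pscustomobject]@{ Zone = $ZoneName; Setting = 'CurrentLevel'; Value = $shown; Ok = ($level -eq $highLevel) }

    # The two actions the advisory says the exploit requires.
    foreach ($id in $actions.Keys) {
        $value = $props.$id
        $shown = if ($null -eq $value) { 'not set' } else { $value }
        [pscustomobject]@{ Zone = $ZoneName; Setting = $actions[$id]; Value = $shown; Ok = ($value -eq $disabled) }
    }
}

$results = foreach ($z in $zones.GetEnumerator()) {
    Test-ZoneHardening -ZoneId $z.Key -ZoneName $z.Value
}
$results | Sort-Object Zone, Setting | Format-Table -AutoSize

if ($results | Where-Object { -not $_.Ok }) {
    Write-Warning 'At least one zone setting does not match the "High" mitigation.'
}
```

A zone with a custom level can show a CurrentLevel mismatch while both actions are still disabled, so read the per-action rows as the deciding check.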

 

To keep up to date on the latest security news, please visit the University Information Security site at www.massachusetts.edu/informationsecurity.

