The Inquirer-Home

Microsoft issues an emergency fix for Internet Explorer zero day vulnerability

Temporary workaround to prevent exploitation
Wed Sep 18 2013, 11:24
Microsoft logo at its Redmond headquarters

SOFTWARE HOUSE Microsoft has knocked out an emergency security fix to address attacks targeting Internet Explorer (IE).

The patch arrives as a temporary workaround after the Redmond firm admitted in a security advisory on Tuesday that hackers exploited a zero day vulnerability in IE versions 8 and 9 on Windows XP and Windows 7.

"Microsoft is aware of targeted attacks that attempt to exploit this vulnerability in Internet Explorer 8 and Internet Explorer 9. Applying the Microsoft Fix it solution 'CVE-2013-3893 MSHTML Shim Workaround' prevents the exploitation of this issue," the company claimed.

The remote code execution vulnerability exists in the way IE accesses an object in memory that has been deleted or not properly allocated.

"The vulnerability may corrupt memory [allowing] an attacker to execute arbitrary code in the context of the current user within Internet Explorer," Microsoft said in the advisory. "An attacker could host a specially crafted website that is designed to exploit this vulnerability through Internet Explorer and then convince a user to view the website."

The exploit depends on a Microsoft Office DLL compiled without Address Space Layout Randomization (ASLR) to locate the right memory segment to attack.

The attacker exploits the vulnerability by setting up a malicious webpage that uses Javascript code to prepare a use-after-free condition, where previously allocated memory, whose content the attacker can control, is accessed after it has been marked as not in use anymore.

Security company Qualys CTO Wolfgang Kendek advised that the DLL involved is "extremely common" and most likely will not lower the affected population by much.

"While the attack is very targeted and geographically limited to Japan, it might not affect you at the moment," Kandek said. "But with the publication of the shim, other attackers can now analyse the condition fixed and will be able to produce an equivalent exploit fairly quickly.

"Therefore we suggest applying the Fix-It as soon as possible if you use IE to access the Internet."

Microsoft said that after installing the fix, IE will have to be restarted to put it into effect. µ


Share this:

blog comments powered by Disqus
Subscribe to INQ newsletters

Sign up for INQbot – a weekly roundup of the best from the INQ

Existing User
Please fill in the field below to receive your profile link.
Sign-up for the INQBot weekly newsletter
Click here
INQ Poll

Microsoft Windows 10 poll

Which feature of Windows 10 are you most excited about?