Apr 30, 2014

Internet Explorer 0-Day:
A Summary with Mitigation Advice

In today’s Whiteboard Wednesday, Nick Percoco, Vice President of Strategic Services, will talk about the latest Internet Explorer 0-day.

News has spread about the latest IE 0-day and it doesn’t look good for a quarter of all internet users. A critical flaw in the IE browser is threatening the security of a very large group of people and what is even more daunting is the fact that a patch is not available yet.

UPDATE: Microsoft releases patch - https://technet.microsoft.com/en-us/library/security/ms14-may.aspx

What can you do to ensure that you and your organization are protected from this critical vulnerability? Watch this week’s Whiteboard Wednesday to find out. Also, download our toolkit, which includes all of the information we have produced around this IE 0-day and free downloads, to see the impact this 0-day has on your organization.

Read Video Transcript

Hi, I'm Nick Percoco, Vice President of Strategic Services at Rapid7. Thanks for watching Whiteboard Wednesday. This week's topic is the Internet Explorer Zero Day that most of you have probably have heard about...

If you haven't heard about it, Microsoft released an advisory on April 26th, just a few days ago, that talked about a critical flaw in Internet Explorer. And in fact, it's so critical that it affects all browser versions really back to 6.0. The result of which could enable an attacker to execute remote code on an end user's browser by visiting a malicious website, or clicking on a malicious link.

And in fact, that's affecting about 25% of all internet users out on the internet today. Now, that was reported to Microsoft through Microsoft's active protection program via security firm named Fire Eye. Now, you may be wondering, well, how did Fire Eye find this flaw? Did they discover this vulnerability? Well according to their reports, they actually saw this actively being exploited in the wild, and you may also be wondering, what does that mean?

Well criminal groups or nation states actually go and perform security research, and they try to identify vulnerabilities and flaws in systems that they can then use as part of their arsenal to launch targeted attacks. Now these types of attacks are not going to find themselves in widespread email campaigns or compromises of websites in order to attack, you know, general users out there. These campaigns are going to target, you know, specific tactical and strategic individuals, and tactical and strategic organizations.

For an example, a criminal group maybe targeting a Fortune 50 company, they're going to send targeted emails against those individuals and which hopes that they click on a link and in turn exploit, you know, compromise our system via this Internet Explorer exploit, and in turn gain access, or plant malware onto their system. They're going to utilize that to maybe potentially gain access to insider information about earnings reports or other intellectual property and turning to then sell that to individuals who might be interested in it.

Now in that phase, we're sort of calling this the pre-discovery phase. This is before somebody like Fire Eye or even Microsoft knew that this vulnerability existed. For the most of the people out on the internet, for most of us, that's an imperative relatively low risk. As you can imagine, there're dozens of these types of vulnerabilities probably floating around out there at any given moment and most of us are not actively being exploited through them.

Now, once Fire Eye discovered it and once that Microsoft released their advisory on April 26th, we're in this post discovery phase of this Internet Explorer exploit. What that means is that those criminals groups are going to be ramping up their efforts and they know that, one, there's no patch available because Microsoft hasn't come up with something yet. They also know that Microsoft is going to patch this problem in the next couple of days and they need to utilize this vulnerability as much as they can in order to make the best bang for their buck out of the investment that they put in, in developing, finding the vulnerability, and developing the exploit and weaponizing it.

So for most user out there, we're in a relatively high area of risk, so you need to pay attention and you need to have some mitigation actions that you apply to your own systems and to your business systems that you interact with. So the first piece you can do is install Chrome and Firefox and stop using Internet Explorer. Right now, any Internet Explorer use is extremely high risk. You can visit a website that may look completely legitimate, but it may have been compromised and maybe it's been compromised and code to exploit this vulnerability could be placed on that site.

Also, remove I.E. as your default browser. You don't want to inadvertently click on a link in an email or click on a link in an attachment that you had and start using Internet Explorer when you really want to be using Firefox or Chrome at this time. You also can test and deploy EMET 4.1 in your environment. Now, EMET's a tool that was released by Microsoft and it's a tool that specifically works with Internet Explorer and other document application, document reader type applications that may run on your system, and basically makes it much more difficult for these types of exploits to be successful. And in fact, if you're running EMET 4.1 on your system today and you're using Internet Explorer, there have been some tests and some confirmations that this vulnerability is actually not effective. The exploit's not effective associated with this vulnerability in your systems.

And then finally, keep in mind that Windows XP has been end of life and there is no patch available. So it's extremely important for those users out there that have Windows XP systems, if they're running Internet Explorer or they're utilizing Internet Explorer, they're in imperative really, really high risk. So, that's extremely important that either you get off of Windows XP or you stop using Internet Explorer on those systems as of today and for the foreseeable future. So, with that, I'm Nick Percoco. I'm Vice President of Strategic Services at Rapid Seven. Thanks for watching Whiteboard Wednesday and hope to see you next week.

IE 0-day Toolkit

Learn more and see how this affects your organization

Download Now