Unfortunately, as it’s already been reported, the culprit is Microsoft’s Internet Explorer, a web browser used by a good portion of the world.
The zero-day flaw affects Internet Explorer versions 6 through 11, although Microsoft says IE 10 and 11 are safe to use, thanks to the Enhanced Protect Mode that is on by default, as well as Enhanced Mitigation Experience Toolkit (EMET) 4.1 and EMET 5.0 Technical Preview.
Basically, the security hole allows attackers to bypass address space layout randomization (ASLR) and data execution prevention (DEP) protection. The vulnerability can corrupt memory in a way that allows attackers to take over a user’s computer in order to install programs, view, change, or delete data, or even to create new accounts with full user rights.
This is particularly dangerous to Windows XP users who are left unprotected following Microsoft’s decision to cut down support of the operating system version.
For the most part, users have been left without defense, although there are ways to make sure you’re protected.
“First and foremost, this is an IE vulnerability so the use of an alternate browser will effectively negate this specific attack,” Jeremy Scott, senior research analyst with Solutionary, a company that seeks to protect traditional and virtual IT infrastructures, cloud environments and mobile data.
“As far as continuing to use IE then disabling Adobe Flash or deploying the current EMET version are the current recommendations. If an organization uses a content inspection proxy at the perimeter, they could block flash content at that point to reduce the administrative overhead on the client systems until a fix has been released,” he told Softpedia.
He explains that this requires the organization to control al ingress and egress points so that users cannot go around the proxy. Furthermore, implementing Enhanced Protected Mode in IE should be a priority in order to prevent installing software or modifying system settings by locking down parts of the system that the browser doesn’t need to access and use.
This should be enough to offer some protection to those who are Internet Explorer fans and have refused to move on to other browsers.
