0-Day Vulnerability in Internet Explorer Threatens Windows XP
On Monday, Microsoft acknowledged that hackers are attempting to exploit a vulnerability in versions 6 through 11 of Internet Explorer. It is a remote code execution vulnerability that exists in the way Internet Explorer accesses an object in memory that has been deleted or has not been properly allocated.
"The vulnerability may corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user within Internet Explorer," reads the company's warning. "An attacker could host a specially crafted website that is designed to exploit this vulnerability through Internet Explorer and then convince a user to view the website."
Right now the active attacks are targeting IE9, IE10 and IE11, and are delivered through a malicious web page that the user must visit in order for the malware to infect the PC.
"An attacker would have no way to force users to visit these websites. Instead, an attacker would have to convince users to visit the website, typically by getting them to click a link in an email message or Instant Messenger message that takes users to the attacker's website," the warning adds.
The company's warning says that once its investigation is complete, Microsoft will release a solution either on Patch Tuesday this June or via an out-of-cycle security update, depending on customer needs. Users who are still on Windows XP, however, will not be protected by Microsoft.
"This happened a bit quicker than I expected but it is a sign of things to come; the vulnerability applies to Windows XP, IE6, IE7 and IE8 are listed as affected and attackers will soon adapt the exploit to work against these older versions of IE as well. Since you will not get a patch for your operating system, deregistering the DLL will be your best option to defend your systems," writes Qualys Inc. CTO Wolfgang Kandek. "Microsoft still lists IE6, IE7 and IE8 in these advisories because they run under Windows 2003, which has another year of support left in it."
One workaround, listed towards the bottom of Microsoft's alert, is to disable VGX.dll, which is responsible for rendering VML (Vector Markup Language) code in webpages. VML is only infrequently used on the web, Kandek adds, so disabling it in IE is the best way to prevent exploitation. To deregister it, type in the following:
regsvr32 -u "%CommonProgramFiles%\Microsoft Shared\VGX\vgx.dll"
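As an added example (not part of the original article or of Microsoft's advisory), the PowerShell below applies the workaround to every copy of vgx.dll it finds and then checks that no COM class still points at the DLL. It assumes an elevated PowerShell 2.0 or later session; the function names and the extra Common Files locations beyond the one in the command above are assumptions.

```powershell
# Added example: apply and verify the vgx.dll workaround from an elevated prompt.
# Assumption: every copy of vgx.dll sits under "Microsoft Shared\VGX" in a Common Files root.

function Get-VgxPath {
    # 64-bit Windows keeps a 64-bit and a 32-bit copy; check every Common Files root.
    $roots = @($env:CommonProgramFiles, ${env:CommonProgramFiles(x86)}, $env:CommonProgramW6432) |
        Where-Object { $_ } | Select-Object -Unique
    foreach ($root in $roots) {
        $dll = Join-Path $root 'Microsoft Shared\VGX\vgx.dll'
        if (Test-Path -LiteralPath $dll) { $dll }
    }
}

function Get-VgxRegistration {
    # A COM class whose in-process server is vgx.dll means VML can still be loaded.
    $views = 'Registry::HKEY_CLASSES_ROOT\CLSID',
             'Registry::HKEY_CLASSES_ROOT\Wow6432Node\CLSID'
    foreach ($view in $views) {
        if (-not (Test-Path $view)) { continue }
        foreach ($class in Get-ChildItem $view -ErrorAction SilentlyContinue) {
            $key = "$($class.PSPath)\InprocServer32"
            $item = Get-ItemProperty -LiteralPath $key -ErrorAction SilentlyContinue
            if ($item -and $item.'(default)' -match '\\vgx\.dll') {
                New-Object PSObject -Property @{ Clsid = $class.PSChildName; Server = $item.'(default)' }
            }
        }
    }
}

function Disable-Vgx {
    foreach ($dll in Get-VgxPath) {
        # /u unregisters the DLL; /s suppresses the dialog so the run can be unattended.
        $proc = Start-Process regsvr32.exe -ArgumentList '/u', '/s', "`"$dll`"" -Wait -PassThru
        Write-Output ("regsvr32 /u {0} exited with code {1}" -f $dll, $proc.ExitCode)
    }
    # Verify instead of trusting the exit code: list anything still pointing at vgx.dll.
    $left = @(Get-VgxRegistration)
    if ($left.Count -eq 0) {
        Write-Output 'No COM class references vgx.dll: the workaround is in place.'
    } else {
        Write-Output 'vgx.dll is still registered for these classes:'
        $left | ForEach-Object { Write-Output ("  {0}  {1}" -f $_.Clsid, $_.Server) }
    }
}

Disable-Vgx
```

Once a fix from Microsoft is installed, running regsvr32 on the same paths without /u registers the DLL again.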
Another route is the Enhanced Mitigation Experience Toolkit (EMET), a free toolkit that Microsoft updates and maintains frequently. Alternatively, users can take the quicker route of switching to a different web browser, such as Firefox or Chrome, until the vulnerability is fixed.