0-Day Vulnerability in Internet Explorer Threatens Windows XP

On Monday, Microsoft acknowledged that hackers are attempting to exploit a vulnerability in versions 6 through 11 of Internet Explorer. The flaw is a remote code execution vulnerability that exists in the way Internet Explorer accesses an object in memory that has been deleted or has not been properly allocated.

"The vulnerability may corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user within Internet Explorer," reads the company's warning. "An attacker could host a specially crafted website that is designed to exploit this vulnerability through Internet Explorer and then convince a user to view the website."

Right now the active attacks are targeting IE9, IE10 and IE11, and are delivered by a malicious web page that the user must visit in order for the malware to infect the PC.

"An attacker would have no way to force users to visit these websites. Instead, an attacker would have to convince users to visit the website, typically by getting them to click a link in an email message or Instant Messenger message that takes users to the attacker's website," the warning adds.

The company's warning says that after completing its investigation, Microsoft will release a solution either on Patch Tuesday this June or via an out-of-cycle security update, depending on customer needs. Those who are still using Windows XP will not be protected by Microsoft.

"This happened a bit quicker than I expected but it is a sign of things to come; the vulnerability applies to Windows XP, IE6, IE7 and IE8 are listed as affected and attackers will soon adapt the exploit to work against these older versions of IE as well. Since you will not get a patch for your operating system, deregistering the DLL will be your best option to defend your systems," writes Qualys Inc. CTO Wolfgang Kandek. "Microsoft still lists IE6, IE7 and IE8 in these advisories because they run under Windows 2003, which has another year of support left in it."

One workaround, listed towards the bottom of Microsoft's alert, is to disable VGX.dll, the library responsible for rendering VML (Vector Markup Language) code in webpages. VML is only infrequently used on the web, Kandek adds, so disabling it in IE is the best way to prevent exploitation. To deregister it, type in the following:

regsvr32 -u "%CommonProgramFiles%\Microsoft Shared\VGX\vgx.dll"
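
The workaround above, scripted in PowerShell as an added example (not from Microsoft's alert or the original article): it unregisters vgx.dll and then checks that no COM class still points at it. The %CommonProgramFiles(x86)% location for a 32-bit copy on 64-bit Windows and the registry scan used for verification are assumptions of this example; run it from an elevated prompt.

```powershell
# Added example: apply the VGX.dll workaround and verify the result.
# Assumption: 64-bit Windows may hold a second, 32-bit copy under %CommonProgramFiles(x86)%.
$regsvr32 = Join-Path $env:SystemRoot 'System32\regsvr32.exe'
$roots = @($env:CommonProgramFiles, ${env:CommonProgramFiles(x86)}) |
    Where-Object { $_ } | Select-Object -Unique

foreach ($root in $roots) {
    $dll = Join-Path $root 'Microsoft Shared\VGX\vgx.dll'
    if (-not (Test-Path -LiteralPath $dll)) {
        Write-Output "absent         $dll"
        continue
    }
    # /u unregisters; /s suppresses the dialog so the exit code can be checked.
    $proc = Start-Process -FilePath $regsvr32 -ArgumentList '/u', '/s', "`"$dll`"" -Wait -PassThru
    if ($proc.ExitCode -eq 0) {
        Write-Output "unregistered   $dll"
    } else {
        Write-Warning "regsvr32 exit code $($proc.ExitCode) for $dll (is the prompt elevated?)"
    }
}

# Verification: list any COM class whose in-process server is still vgx.dll.
# Both the native and the 32-bit (WOW6432Node) registry views are scanned.
$views = 'HKLM:\SOFTWARE\Classes\CLSID', 'HKLM:\SOFTWARE\Classes\WOW6432Node\CLSID'
$left = foreach ($view in $views | Where-Object { Test-Path $_ }) {
    Get-ChildItem -Path $view -ErrorAction SilentlyContinue | ForEach-Object {
        $key = Join-Path $_.PSPath 'InprocServer32'
        $server = (Get-ItemProperty -LiteralPath $key -ErrorAction SilentlyContinue).'(default)'
        if ($server -like '*\vgx.dll*') { "$($_.PSChildName) -> $server" }
    }
}

if ($left) {
    Write-Warning 'VGX is still registered:'
    $left
} else {
    Write-Output 'No COM registration points at vgx.dll.'
}
```

Pages that rely on VML will no longer render it while the DLL is unregistered; running regsvr32 on the same path without -u registers it again.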

Another route is the Enhanced Mitigation Experience Toolkit (EMET), a free toolkit that Microsoft updates and maintains frequently. Alternatively, users can take the quicker route of using a different web browser, such as Firefox or Chrome, until the vulnerability is fixed.

  • wrathofdragon
    yet another reason Internet Explorer is only good for downloading a normal browser...
  • everlast66
    People that run Windows XP are not the squeamish type
  • memadmax
    Sooooo....

    Don't look at pornsites and you'll be fine...

    >_>
  • abbadon_34
    the timing is so .... convenient
  • Zombie615
    So what about the people using Internet Explorer 11 on Windows 8.1, are they safe or not?
  • danwat1234
    If the critical updates going to the UK government and maybe the NSA or whatever other government organizations are leaked for XP, then we won't need to disable that dll.
  • red77star
    Another proof that your Windows is never secured whether that is Windows 7/8 or XP. Just don't use IE!
  • wrathofdragon
    next thing you know people are going to complain about AOL and the DialUp Connective speed...
  • Zombie615
    It's always something with the internet. That's why I don't bank or do anything online unless I use a prepaid card that has just the amount of money that I'll be using to purchase said item. Also, I don't save anything on my computer that could be useful to a hacker. Don't view porn or anything else on my computer and I don't visit websites that I have no idea about.
  • brandonjclark
    @Zombie... Yeah, we know what you mean, but 2003 wants its excuse back.