The online world has barely recovered from OpenSSL’s Heartbleed bug, and now there’s another vulnerability that’s putting users’ information in danger. Microsoft announced over the weekend the discovery of a previously undetected vulnerability in Internet Explorer versions 6-11.

About the New Zero-Day Exploit

The new zero-day exploit in IE, as mentioned earlier, is present in versions 6 through 11, but the attacks are targeted towards IE 9 to 11. According to the report by Microsoft’s partner FireEye, this exploit affects 26.25% of the browser market – that’s a quarter of IE users worldwide.

Microsoft's first security advisory
Microsoft’s first security advisory about the Zero-Day Exploitation, which was followed by two more detailed advisories

Microsoft has released three advisories last Saturday about the threat, explaining what this zero-day exploit does. As stated in the image above:

“The vulnerability is a remote code execution vulnerability. The vulnerability exists in the way that the Internet Explorer accesses an object in memory that has been deleted or has not been properly allocated. The vulnerability may corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user within Internet Explorer. An attacker could host a specially crafted website that is designed to exploit this vulnerability through Internet Explorer and then convince the user to view the website.”

The first targets of this exploit are users of Windows XP, especially since Microsoft discontinued support for the said OS last month. Windows IE 9, 10 and 11 are the targets, although versions 6, 7, and 8 also have the same vulnerability.

What You Should Do

There isn’t a patch for the vulnerability yet, but you can expect one to be developed in the coming days. For now, Microsoft and FireEye recommend the following:

  • If you can avoid using IE right now, stick to alternative browsers.
  • Install Microsoft’s Enhanced Mitigation Experience Toolkit (EMET) 4.1 to add layers of protection to your computer
  • Disable vector markup language (VML) and Flash for the time being, as the attackers use these to remotely access malicious code
  • Enable “Enhanced Protection Mode” in IE and the 64-bit process mode in IE 10 and 11

Make sure to alert your clients about this vulnerability. We will keep you posted on the developments regarding this new threat. Talk to your account manager today for clarifications and assistance.