Microsoft delivers stopgap defense against active IE10 attacks
Not likely to ship a rush patch before March 11, says security expert
Computerworld - Microsoft on Wednesday issued a stopgap defense that protects Internet Explorer 9 (IE9) and IE10 against ongoing attacks until the company issues a patch, probably in three weeks.
An unpatched vulnerability in those two versions of Microsoft's browser has been used by two hacker groups to compromise Windows 7 and Windows 8 PCs running IE10, including machines of a French defense contractor and its suppliers, according to Israeli security company Seculert. The attacks may have started as early as Jan. 17.
"All affected customers should apply the easy, one-click 'Fix it' solution and follow the suggested mitigations outlined in the security advisory while an update is finalized," said Dustin Childs, group manager of Microsoft's Trustworthy Computing team, in an email Wednesday.
The security advisory Childs mentioned was also published Wednesday, as was a deeper dive into the vulnerability by Neil Sikka, an engineer with the Microsoft Security Response Center (MSRC), on Microsoft's Security Research & Defense blog.
It's unlikely that Microsoft will rush out an emergency patch for the IE vulnerability, said Andrew Storms, director of DevOps at San Francisco-based security firm CloudPassage.
"It would seem like it's still in the limited-attack category," said Storms in a Wednesday interview conducted using a messaging app. "So until that heats up, I don't see them rushing to push an out-of-band fix."
Microsoft has said it is working on a patch for the IE vulnerability, but offered nothing about a timetable. The next regularly scheduled Patch Tuesday is three weeks away, on March 11.
Out-of-band updates -- described as such because they are issued outside the normal monthly schedule Microsoft maintains for security patches -- are rare: The last one Microsoft shipped was MS13-008, an emergency patch issued 13 months ago that plugged holes in IE6, IE7 and IE8 after those browsers had been exploited for about six weeks.
Until a patch is produced, Microsoft offered customers several options to protect themselves, including advice on configuring EMET 4.1 and running one of its "Fix it" automated tools to "shim" the DLL that contains the IE rendering engine.
EMET (Enhanced Mitigation Experience Toolkit) is a tool for manually enabling anti-exploit technologies such as ASLR (address space layout randomization) and DEP (data execution prevention) for specific applications. Although it was originally designed for enterprise IT professionals, Microsoft has been touting its use as a security backstop for a wider audience of late.
(Ironically, simply installing EMET does the trick; the attacks seen so far abort if they detect the presence of the toolkit.)
But the Fix it route will be easiest for most people: Microsoft offered the tool on its support site, and customers need only click the icon on the left, the one marked "Enable MSHTML shim workaround." Microsoft has used the shim approach before when faced with unexpected attacks against IE, most recently last September.