Microsoft warns over another zero-day flaw; upgrade to IE 8 say experts

It's therefore perhaps surprising that cloud security specialist Qualys is advising users to upgrade to IE 8.0, if they have not already done so.

The reason, says Wolfgang Kandek, the firm's CTO, is that IE 8.0 has the data execution prevention (DEP) feature enabled by default.

"DEP is a security feature first implemented in 2005 that prevents the exploit from executing successfully", he said, adding that, according to Microsoft, only a single website was found to host the exploit, but others are expected soon.

Brian Krebs, another security expert, meanwhile, agrees with Microsoft's analysis that it won't be too long before the attack is stitched into plenty of other hacked and malicious websites.

Writing on his security blog, he notes that Microsoft, in its security response centre blog, says it is working to develop a security update to address this attack against the flaw, but that at the moment it does not meet the criteria for an out-of-band release.

Microsoft, he goes on to say, is expected to issue another round of security updates next week as part of its regular Patch Tuesday cycle, which generally occurs on the second Tuesday of each month.

According to Krebs, Symantec has posted a fascinating blog entry that details just how targeted the attacks have been so far.

"It offers a peek at how these types of critical flaws in widely-used applications can be used in pinprick attacks to extract very specific information from targeted organisations and individuals", he said.

Citing the Symantec blog, Krebs says that, by observing log files from an exploited server, we know that the malware author had targeted more than a few organisations.

In its blog, Symantec reports that the files on this server had been accessed by people in lots of organisations in multiple industries across the globe.

"Very few of them were seen accessing the payload file, which means that most users were using a browser which wasn't vulnerable or targeted", says the IT security vendor.

Heise Online, meanwhile, says that the DEP feature and other protective mechanisms available under Windows can also be enabled via the Enhanced Mitigation Experience Toolkit (EMET).

The German IT newswire published a useful article entitled "Damage limitation – Mitigating exploits with Microsoft's EMET" on its site last month, Infosecurity notes.
