WHAT IT IS
This past weekend, Microsoft released information on a security risk found in Internet
Explorer that could allow remote code execution. This was issued in Security Advisory
296398.3 This exploit affects a vulnerability in Internet Explorer 6, Internet Explorer 7,
Internet Explorer 8, Internet Explorer 9, Internet Explorer 10, and Internet Explorer 11.
The vulnerability is a remote code execution vulnerability. The vulnerability exists in the
way that Internet Explorer accesses an object in memory that has been deleted or has not
been properly allocated. The vulnerability may corrupt memory in a way that could allow
an attacker to execute arbitrary code in the context of the current user within Internet
Explorer. An attacker could host a specially crafted website that is designed to exploit this
vulnerability through Internet Explorer and then convince a user to view the website.
DOES THIS AFFECT ME?
It could. By default, Internet Explorer on Windows Server 2003, Windows Server 2008,
Windows Server 2008 R2, Windows Server 2012, and Windows Server 2012 R2 runs in a
restricted mode that is known as Enhanced Security Configuration. This mode mitigates
this vulnerability. By default, all supported versions of Microsoft Outlook, Microsoft
Outlook Express, and Windows Mail open HTML email messages in the Restricted Sites
Zone. The Restricted Sites Zone, which disables script and ActiveX controls, helps reduce
the risk of an attacker being able to use this vulnerability to execute malicious code. If a
user clicks a link in an email message, the user could still be vulnerable to exploitation of
this vulnerability through the web-based attack scenario.
WHAT COULD HAPPEN?
An attacker who successfully exploited this vulnerability could gain the same user rights
as the current user. Users whose accounts are configured to have fewer user rights on
the system could be less impacted than users who operate with administrative user rights.
In a web-based attack scenario, an attacker could host a website that contains a
webpage that is used to exploit this vulnerability. In addition, compromised websites and
websites that accept or host user-provided content or advertisements could contain
specially crafted content that could exploit this vulnerability. In all cases, however, an
attacker would have no way to force users to visit these websites. Instead, an attacker
would have to convince users to visit the website, typically by getting them to click a link
in an email message or Instant Messenger message that takes users to the attacker’s website
HOW CAN I RESOLVE THIS?
Microsoft is working hard to put an official patch in place. This should be
released shortly. However, to ensure you are protected now you can download
and install the Enhanced Mitigation Experience Toolkit. The Enhanced
Mitigation Experience Toolkit (EMET) is a utility that helps prevent
vulnerabilities in software from being successfully exploited. EMET achieves
this goal by using security mitigation technologies. These technologies
function as special protections and obstacles that an exploit author must
defeat to exploit software vulnerabilities. These security mitigation
technologies do not guarantee that vulnerabilities cannot be exploited.
However, they work to make exploitation as difficult as possible to perform.
Please be aware that this could make some changes to your browser security
that may impact some of the sites you visit, or some of the products you use.
Should you wish to download and install this solution, please use this
XP USERS PLEASE BE AWARE!
If you are running Windows XP, there is no fix. Windows XP support
stopped on April 8, 2014. After this point Microsoft will not be issuing any
additional support for this platform. TUC can help to upgrade any workstations
you may have in in your organization.
IF YOU NEED ASSISTANCE…
If you have any questions or need guidance in accessing this service, please contact the TUC
Service Desk team by clicking HERE or calling 1-866-698-8454.