New Zero-Day IE Exploits

First up was this alert from eWeek that exploit code had been posted for a previously unknown code execution hole in Internet Explorer.  This article came on September 14, about 5 days ago.

On that same day Microsoft published this security bulletin, which describes an issue with the DirectAnimation Path ActiveX control.  Although it’s not immediately apparent whether this security bulletin is related to the exploit code described in the eWeek article, a review of the CVE listing provides enough information to conclude that the exploit described by eWeek does, in fact, use the vulnerability described by Microsoft in their security bulletin.

This Dark Reading article also describes the same vulnerability and the related exploit, and was published yesterday, Monday, September 18.

Also yesterday, eWeek reported zero-day IE attacks spotted in the wild, but these attacks do not appear to be related to the exploit discovered last week and instead appear to be new attacks.  Although specific vulnerability information was not available in that article, a quick trip to the Sunbelt weblog provided some additional information that indicates these are new attacks against a new vulnerability that remains unpatched by Microsoft.  No formal word from Microsoft yet, but I expect we’ll probably see a security bulletin in the next few days.

In the meantime, protect yourself against these attacks by following the workarounds suggested in the Microsoft security bulletin (for the ActiveX control exploit).  Alternatively, you can switch to Mozilla Firefox or (for those of you who are technically inclined) build yourself a web sandbox using VMware Workstation and undoable disks (sort of like the Browser Appliance, but using Windows instead for greater compatibility with those sites designed for Internet Explorer).

UPDATE:  As I predicted earlier today when I first posted this article, Microsoft has indeed published a security bulletin regarding the VML vulnerability I described above as discovered by Sunbelt Software.  The MSRC blog posting announcing the bulletin credits ISS with assisting in the confirmation of the vulnerability.
