NAS Technology Consulting

Internet Explorer Remote Code Execution Vulnerability

April 29th, 2014

A zero-day bug in Internet Explorer was found by FireEye research labs and released to the public on Saturday, 4/26/14.  This vulnerability does not have a fancy name, but it is being actively exploited on the web:  Microsoft Internet Explorer Remote Code Execution Vulnerability (CVE-2014-1776).

The Department of Homeland Security recommends you DO NOT USE Internet Explorer at this time.  It is recommended to use Firefox or Chrome until a security patch is released by Microsoft.  Because Microsoft has discontinued support of XP, this vulnerability will never be fixed for Windows XP.
Microsoft’s security advisory detailing the bug can be found here.
If you must use Internet Explorer, use it only for the specific sites that require it.  Also be aware that many other applications, such as Outlook and Word, use Internet Explorer as the engine to render HTML objects.  There are a few steps you can take to mitigate your exposure to the security flaw.
Use the Enhanced Mitigation Experience Toolkit (EMET) 4.1
Disable Adobe Flash in Internet Explorer 11
  • Though this is not a flaw in Adobe Flash itself, the attack uses Flash as a container.
  • Open IE and click the gear in the upper right corner.  Choose “Manage Add Ons”
  • Highlight “Toolbars and Extensions”
  • Show:  “All Add-Ons”
  • Find “Shockwave Flash Object” and click “Disable” Button
  • Also disable “Shockwave ActiveX Control”
Mitigate the issue by unregistering a DLL file named VGX.DLL
  • Once a library is unregistered, any application that uses the DLL may no longer function properly
  • VGX.DLL provides support for VML (Vector Markup Language) in the browser
  • Click “Start” and type CMD and hit Enter
  • Copy and paste the following:
  • "%SystemRoot%\System32\regsvr32.exe" -u "%CommonProgramFiles%\Microsoft Shared\VGX\vgx.dll"
  • Symantec’s blog offers a batch file for download that performs the above steps and unregisters the file automatically:
  • http://www.symantec.com/connect/blogs/zero-day-internet-vulnerability-let-loose-wild
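
As an added example (not from the original post and not Symantec's batch file), the script below wraps the unregister command above so that it also covers the 32-bit copy of vgx.dll on 64-bit Windows and can be reversed once a patch is installed. It goes slightly beyond the single command in the steps; the `undo` argument, the script name and the OK/FAIL/SKIP labels are assumptions of this example, and it must be run from an elevated command prompt.

```batch
@echo off
rem Added example: unregister (or re-register) vgx.dll, the VML library.
rem Usage:  vgx-mitigate.cmd          unregister (apply the mitigation)
rem         vgx-mitigate.cmd undo     re-register (after patching)
rem The script name and the "undo" argument are hypothetical.
setlocal

set "REGSVR=%SystemRoot%\System32\regsvr32.exe"

rem -u unregisters; with no flag regsvr32 registers the DLL again.
set "FLAG=-u"
if /i "%~1"=="undo" set "FLAG="

set "RC=0"

rem Native copy (the path used in the command above).
call :apply "%CommonProgramFiles%\Microsoft Shared\VGX\vgx.dll"

rem On 64-bit Windows a second, 32-bit copy serves 32-bit applications.
if defined CommonProgramFiles(x86) call :apply "%CommonProgramFiles(x86)%\Microsoft Shared\VGX\vgx.dll"

rem Exit code 0 only if every copy that exists was processed successfully.
exit /b %RC%

:apply
rem %~1 is the full path to one copy of vgx.dll. Paths stay quoted because
rem "Program Files (x86)" contains parentheses that cmd would misparse.
if not exist "%~1" echo SKIP "%~1" not present & exit /b 0

rem /s suppresses the dialog box; regsvr32 returns non-zero on failure.
"%REGSVR%" /s %FLAG% "%~1"
if errorlevel 1 echo FAIL "%~1" & set "RC=1" & exit /b 0

echo OK   "%~1"
exit /b 0
```

A FAIL line usually means the prompt was not elevated. Applications that depend on VML rendering will stay affected until the script is run again with `undo`.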

 

 
