Trusteer’s Exploit Prevention Stops Attacks Targeting New IE Zero-Day (CVE-2013-3893)
A new zero-day vulnerability that affects all versions of Microsoft’s Internet Explorer (IE) is currently being exploited by attackers to silently download malware on user endpoints. Microsoft released a “Fix it” workaround tool to address the new IE vulnerability, though no patch is available at this point.
Microsoft said it is aware of exploit attempts targeting the vulnerability (CVE-2013-3893) in IE versions 8 and 9. According to the Microsoft advisory, “the vulnerability is a remote code execution vulnerability. The vulnerability exists in the way that Internet Explorer accesses an object in memory that has been deleted or has not been properly allocated. The vulnerability may corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user within Internet Explorer. An attacker could host a specially crafted website that is designed to exploit this vulnerability through Internet Explorer and then convince a user to view the website.”
This means that by creating a website that contains exploit code (an exploit site), or by injecting the exploit code into a legitimate site (a watering hole attack), attackers can exploit the vulnerability and silently download malware on a user endpoint without the user knowing this has happened.
A Few Things You Should Know About the Microsoft Fix It
The Microsoft Fix it modifies the mshtml.dll when it is loaded in memory to address the vulnerability. Please note the following:
- Applying this solution may limit some functionalities of IE. If you run into problems after applying it, there is an option to disable the Fix it.
- The Fix it applies only to 32-bit versions of IE. If you are running the 64 bit, the Fix it cannot be applied.
How to Be Proactive Against the Zero-Day Vulnerability
Zero-day exploits are top concerns for enterprise organizations. As this example shows, protecting user endpoints from exploits that target unknown vulnerabilities for which no patch exists is a very difficult task. But, there is a solution: exploit prevention technology.
Exploit prevention technologies are effective because they do not require advanced information about the exploit code, its source, the vulnerability it tries to exploit or the malware it downloads. These are solutions that prevent the successful execution of the exploit. IBM Security Trusteer Apex Advanced Malware Protection effectively protects users against the new IE zero-day threat, as well as other threats. It uses Stateful Application Control to validate sensitive application operations. Because exploits create unknown, invalid application states, it can identify them in real time and prevent them from successfully compromising the endpoint. There is no need to define special rules or policies, just to enable the protection. Once enabled, it is automatically enforced.
So, Trusteer Apex customers do not need to worry — they are already protected.
Image Source: Flickr