HOME     MENU     SEARCH     NEWSLETTER    
NEWS & INFORMATION FOR TECHNOLOGY PURCHASERS. UPDATED ABOUT A MINUTE AGO.
You are here: Home / Hardware / IE Zero Day: Is Your Enterprise at Risk?
Neustar, Inc.
Protect your website & network using real-time information & analysis
www.neustar.biz
Is Your Enterprise at Risk from IE Zero-Day Flaw?
Is Your Enterprise at Risk from IE Zero-Day Flaw?
By Jennifer LeClaire / NewsFactor Network Like this on Facebook Tweet this Link thison Linkedin Link this on Google Plus
PUBLISHED:
APRIL
30
2014


After announcing a zero-day vulnerability in Internet Explorer over the weekend, Microsoft has updated its advisory to make the workarounds more clear for enterprises affected. The good news is attacks in the wild only affect versions 9, 10 and 11.

First, let's review the danger. Microsoft reported that an attacker that successfully exploits this vulnerability -- which uses Adobe Flash as a way in -- could gain the same user rights as the computer's user.

"If the current user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system," Redmond said. "An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights."

Microsoft suggested its Enhanced Protection Mode as a workaround. EPM is a feature found in IE 10 and 11 on 64-bit systems.

The update Tuesday to the weekend security advisory clarifies that EPM will help protect users of Internet Explorer 10 on Windows 7 for x64-based systems, Windows 8 for x64-based systems, and Windows RT, and Internet Explorer 11 on Windows 7 for x64-based systems, Windows 8.1 for x64-based systems, and Windows RT 8.1.

When Will the Madness End?

We caught up with Jeff Davis, vice president of engineering at security solutions firm Quarri Technologies, to get his take on the zero-day flaw. He told us browser vendors will never patch the "last vulnerability," and we'll probably always have to deal with new zero-day drive-by exploits from time to time.

"To give you an idea of the complexity of modern browsers, Chrome and Firefox each have more than 7 million lines of code and average more than 4,000 commits per month," said Davis. "Even if one of them spent three months doing a massive security audit, by the time they finished there would be 12,000 additional changes to review."

On top of that, Davis said, security audits don't pay the bills unless you're the auditor, so patching issues will always be to some extent a reactive process. Given all this, he concluded, purpose-built browser security solutions are a necessity these days for browsers that handle sensitive information.

Who's Most at Risk?

Tyler Reguly, manager of security research at security software firm Tripwire, told us many enterprises users don't have permissions to install alternatives to IE -- so it's gong to continue to be a target for attackers.

"People are overlooking Microsoft's mention of 'limited, targeted attacks.' Exploits for the vulnerability aren't widespread yet and may not become widespread before patches are released," Reguly said.

FireEye is reporting active attacks against companies in the U.S. with ties to the defense and financial sectors. But, ultimately, any enterprise that uses IE is at risk. From Reguly's perspective, this isn't the first time we're hearing about an Internet Explorer zero-day this year and it won't be the last. The solution: make sure that systems have the best protection possible.

Mitigating the Risk

"The best advice is to ensure all systems have EMET (Microsoft's Enhanced Mitigation Experience Toolkit) deployed and that unnecessary browser add-ons are disabled. This should be part of an enterprise's standard security posture and shouldn't require extra cycles or last-minute deployment," Reguly said. "If companies aren't taking these basic steps to adequately defend their systems by deploying the tools available to them, a new zero-day is probably the least of their concerns."

Reguly's colleague, Tripwire security researcher Craig Young, told us despite the fact that this vulnerability is being actively exploited in the wild, and the Bromium Labs report that many EMET features can be bypassed, users and administrators should not feel helpless.

"EMET may not be perfect but it has been hugely successful at preventing exploitation of zero-day threats," Young said. "If you haven't used it yet, now is a great time to start."

Tell Us What You Think
Comment:

Name:

Like Us on FacebookFollow Us on Twitter
TOP STORIES NOW
MAY INTEREST YOU
Salesforce.com is the market and technology leader in Software-as-a-Service. Its award-winning CRM solution helps 82,400 customers worldwide manage and share business information over the Internet. Experience CRM success. Click here for a FREE 30-day trial.
MORE IN HARDWARE
Product Information and Resources for Technology You Can Use To Boost Your Business

NETWORK SECURITY SPOTLIGHT
The FBI is pointing the finger of blame for the Sony Pictures cyberattack directly at North Korea. The hackers stole confidential data and caused the movie giant to can its new comic film, "The Interview."

ENTERPRISE HARDWARE SPOTLIGHT
Almost half of consumer, industry and life sciences manufacturers are expected to be using 3D printers within three years and now 3D printing services are aiming to help companies experiment.

© Copyright 2014 NewsFactor Network, Inc. All rights reserved. Member of Accuserve Ad Network.