ATTENTION: Avoid Internet Explorer, Major Exploit Found
-
On April 26th 2014, Microsoft released a security advisory (2963983) for a zero-day vulnerability in Internet Explorer (CVE-2014-1776). Exploitation of the vulnerability is reportedly being used in limited, targeted attacks. The vulnerability exists in Internet Explorer 6, Internet Explorer 7, Internet Explorer 8, Internet Explorer 9, Internet Explorer 10, and Internet Explorer 11. There is currently no patch available for this vulnerability and Microsoft did not provide a release date for a patch.
Windows users running vulnerable versions of Internet Explorer are at risk, when visiting compromised websites containing malicious code to exploit this vulnerability.
AFFECTED SOFTWARE:
Microsoft Internet Explorer 6
Microsoft Internet Explorer 7
Microsoft Internet Explorer 8
Microsoft Internet Explorer 9
Microsoft Internet Explorer 10
Microsoft Internet Explorer 11No Fix has been determined at this time, please disable Adobe Flash and USE ANOTHER WEB BROWSER!!!
Microsoft Suggested Workarounds:
Workaround details: [url]https://technet.microsoft.com/library/security/2963983[/url]
Deploy the Enhanced Mitigation Experience Toolkit 4.1 (EMET). Note: EMET 3.0 does not mitigate this issue.
Set Internet and Local intranet security zone settings to “High” to block ActiveX Controls and Active Scripting in these zones.
Configure Internet Explorer to prompt before running Active Scripting or to disable Active Scripting in the Internet and Local intranet security zone.
Unregister VGX.DLL.
Modify the Access Control List on VGX.DLL to be more restrictive.
Enable Enhanced Protected Mode For Internet Explorer 11 and Enable 64-bit Processes for Enhanced Protected Mode. -
Mitigation for vulnerabilities, includes Windows XP.
