Internet Explorer has long been the obvious web browser target for zero-day attacks and exploitation. Most recently, it has borne the brunt of an attack suspected to have been initiated by the same attackers behind the ‘Nitro’ cyber espionage against defense companies.
A group responsible for exploiting a critical zero-day flaw in the Java infrastructure just last month, which allowed Trojans to spread rapidly, has had its attack sapped by a workaround issued by Microsoft. The workaround is a fast reaction, initiated in part by Microsoft researchers, and is described in a new security advisory (2757760).
Microsoft’s professed solution to the Java exploit, which would prevent a vulnerability within Internet Explorer from being used to execute remote code, applies to Internet Explorer versions 6, 7, 8 and 9. Internet Explorer 10 is currently not affected by the vulnerability.
Computer users are urged to keep their software updated at all times and to run antispyware software to detect and remove any potential threats that could cause issues outside of the Java exploitation. In some circumstances, an infection from recent rogue anti-spyware apps or ransomware, such as Live Security Platinum, Ukash Virus or FBI Moneypak Ransomware, could exacerbate other issues such as the Java exploit.
For those who may be affected by the attack, Microsoft’s workaround is to deploy the Enhanced Mitigation Experience Toolkit (EMET) configured for Internet Explorer. The workaround also advises setting the Internet and local intranet security zones to ‘High’ to block ActiveX Controls and Active Scripting. Lastly, it guides users to configure Internet Explorer to prompt before running Active Scripting. Active Scripting may also be disabled altogether in the Internet and local intranet security zones to make the ‘blocking’ efforts completely effective.
Top recommended workarounds for those potentially affected by the zero-day Java exploit
- Install and run EMET 3.0 (Enhanced Mitigation Experience Toolkit) to bring enhanced security protections to Windows.
- Avoid use of Internet Explorer by utilizing other web browsers such as Google Chrome or Mozilla Firefox.
- Update Java or uninstall it altogether if you do not rely on it to enable other software to work.
- Set Internet and local intranet security zone settings to ‘High’ to block ActiveX Controls.
- Configure Internet Explorer to prompt before running Active Scripting.
- Disable Active Scripting in the Internet and local intranet security zones.
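To confirm that the zone-related items above actually took effect on a machine, the following read-only PowerShell audit can be used. It is an added example, not part of Microsoft's advisory or the original article; the zone numbers, the 1400 action value and the registry paths are the standard Internet Explorer URL security zone settings, and the function and variable names are made up for this illustration.

```powershell
# Added example: read-only audit of the IE zone settings named in the workaround list.
# Zone 1 = Local intranet, zone 3 = Internet. Action 1400 = Active Scripting
# (0 = enabled, 1 = prompt, 3 = disabled). CurrentLevel 0x12000 = 'High' template.
$ZoneNames = @{ '1' = 'Local intranet'; '3' = 'Internet' }
$Scripting = @{ '0' = 'Enabled'; '1' = 'Prompt'; '3' = 'Disabled' }
$Suffix    = 'Microsoft\Windows\CurrentVersion\Internet Settings\Zones'

# Hives are reported separately: Group Policy values take precedence over user preferences.
$Hives = @(
    @{ Name = 'Machine policy';  Path = "HKLM:\Software\Policies\$Suffix" },
    @{ Name = 'User policy';     Path = "HKCU:\Software\Policies\$Suffix" },
    @{ Name = 'User preference'; Path = "HKCU:\Software\$Suffix" }
)

function Get-IEZoneAudit {
    foreach ($hive in $Hives) {
        foreach ($zoneId in '3', '1') {
            $props = Get-ItemProperty -Path "$($hive.Path)\$zoneId" -ErrorAction SilentlyContinue
            if (-not $props) { continue }   # nothing configured in this hive for this zone

            $level = $props.CurrentLevel    # zone template level (may be absent in policy hives)
            $raw   = $props.'1400'          # Active Scripting action for this zone

            $levelText  = if ($null -eq $level) { 'Not set' } elseif ($level -eq 0x12000) { 'High' } else { '0x{0:X}' -f $level }
            $scriptText = if ($null -eq $raw) { 'Not set' } elseif ($Scripting.ContainsKey("$raw")) { $Scripting["$raw"] } else { "Other ($raw)" }

            [pscustomobject]@{
                Source              = $hive.Name
                Zone                = $ZoneNames[$zoneId]
                SecurityLevel       = $levelText
                ActiveScripting     = $scriptText
                # True when scripting either prompts or is disabled, as the list advises.
                ScriptingRestricted = ($raw -eq 1) -or ($raw -eq 3)
            }
        }
    }
}

Get-IEZoneAudit | Format-Table -AutoSize
```

A row whose ActiveScripting column reads Enabled in the Internet or Local intranet zone means the corresponding workaround item is not in place for that hive.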
The major drawback of Microsoft’s workaround, until a permanent solution is served, is that the user may experience an abundance of security warnings due to the odd security settings advised. Outside of Microsoft’s suggestions in its workaround or security advisory 2757760, another option is to use a different web browser such as Google Chrome or Mozilla’s Firefox, which are not as vulnerable to the Java exploit as Internet Explorer.
UPDATE: Microsoft has stepped in to provide more of an automated fix for the Internet Explorer exploitation and plans to release a tool called Fixit. The Fixit tool will be a proactive solution to the IE vulnerability, offering an easy-to-use, one-click process to provide full protection against this issue. The Fixit tool will not affect the ability to browse the Web and will be available for download and installation in the next few days.
Microsoft has stepped in before to provide solutions to vulnerabilities where others may have failed to provide a sufficient software patch or update to prevent issues. The Fixit tool will be an update to Microsoft’s Security Advisory 2757760, and we should expect a new or updated Security Advisory to be released with links to download the Fixit tool in the next few days.