Continue Reading This Article
Enjoy this article as well as all of our content, including E-Guides, news, tips and more.
Another approach to mitigating this zero-day is to use Microsoft's Enhanced Mitigation Experience Toolkit (EMET). This free toolkit keeps watch over Windows processes and applies various mitigation techniques to find and react to attacks on memory corruption vulnerabilities. In a blog post, Qualys CTO Wolfgang Kandek said, "We ran EMET through its paces with the Metasploit module for CVE-2013-1347, and it indeed catches the exploit before it can install the RAT program." Since this is also by no means the first Internet Explorer zero day, using EMET as a general protection strategy seems wise.
The Microsoft advisory describing the vulnerability also pointed out additional factors mitigating attacks, including the default "restricted" mode used to run IE on Windows Server 2003, 2008 and 2008 R2. Another mitigating factor is that all supported versions of Microsoft Outlook, Outlook Express and Windows Mail open HTML-encoded messages in restricted mode.
Several security vendors reported that the U.S. Department of Labor website was hacked over the weekend in an attack that placed code to exploit the flaw within site visitors' browsers and then downloaded malware to their systems. A CrowdStrike blog entry on the attack notes, "Eight other compromised sites were also reported to be similarly compromised, with the data suggesting that this campaign began in mid-March."