New Internet Explorer CVE-2014-1776 Zero Day Used in Targeted Attacks


rockman

  • Staff

For now it seems that FireEye and Microsoft are keeping a tight grip on the exploit code so we can't test it. As soon as we get our hands on sample code we'll test it and confirm here.

But from the description from FireEye, MBAE should protect against this zero-day no problem.

Thank you for the response. Apparently this has something to do with the VML renderer. Like it was ever used in the first place... :wacko:

Therefore, I'll just type the fix into a command prompt as Admin to guard against this vulnerability:

regsvr32 -u "%CommonProgramFiles%\Microsoft Shared\VGX\vgx.dll"

The new post editor is barely functional using IE11.

Another mitigation is to run IE with ActiveX Filtering enabled. Enabling Tracking Protection should also help. Add EasyLists as well as automatically blocking content under "Your Personalized List". Only disable these blocks on trusted sites.

:)


Steve updated the page I previously posted:

http://steve.grc.com/2014/04/28/a-quick-mitigation-for-internet-explorers-new-0-day-vulnerability/

"To immediately protect any use of Internet Explorer – yes, even on creaky old WinXP (the XPocalypse has been delayed): You must first open a command prompt window with administrative privileges. This is done by right-clicking on the Command Prompt icon in the start menu and selecting “Run As Administrator.” Commands issued within this window will have the privilege required to make system level changes.

32-bit systems only require the first command. But since 64-bit systems have both a 32-bit and 64-bit version of the vulnerable file, both commands must be used with them:

regsvr32 -u "%CommonProgramFiles%\Microsoft Shared\VGX\vgx.dll"

regsvr32 -u "%CommonProgramFiles(x86)%\Microsoft Shared\VGX\vgx.dll"

These commands unregister (-u) the VML renderer, making it inaccessible to the exploit attempt. Your IE browser will no longer be able to render vector markup language content, but it’s been unused on the web for many years.

You can perform a “before and after” test to confirm that VML rendering has been disabled with this simple VML rendering of an office layout: http://www.vmlmaker.com/gallery/visio/office_layout.htm. The proper response is a BLANK PAGE. If you receive a notice that “A VML capable browser is required…” you must add the vmlmaker.com domain to IE’s “Compatibility View” for the test to function properly. This is done under the settings menu.

"

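A local check to go with the browser test quoted above, added here as an example and not part of any post in this thread or of the linked page: it lists every COM class whose in-process server is still vgx.dll, in both the native and the 32-bit registry view. The function name `Get-VgxRegistration` is hypothetical, and the check assumes that unregistering the DLL removes the `InprocServer32` entries that point at it.

```powershell
# Added example: read-only audit of the vgx.dll COM registration.
# Run in 64-bit PowerShell on 64-bit Windows; a 32-bit shell is redirected
# to the Wow6432Node view and would report that view twice.

function Get-VgxRegistration {
    param([Parameter(Mandatory=$true)][string]$SubKeyPath)

    $root = [Microsoft.Win32.Registry]::ClassesRoot.OpenSubKey($SubKeyPath)
    if (-not $root) { return }                 # view absent, e.g. 32-bit Windows
    try {
        foreach ($clsid in $root.GetSubKeyNames()) {
            try   { $inproc = $root.OpenSubKey("$clsid\InprocServer32") }
            catch { continue }                 # key not readable, skip it
            if (-not $inproc) { continue }
            try {
                # The default value of InprocServer32 is the path of the DLL.
                $server = [string]$inproc.GetValue('')
                if ($server -match '\\vgx\.dll') {
                    New-Object PSObject -Property @{ Clsid = $clsid; Server = $server }
                }
            } finally { $inproc.Close() }
        }
    } finally { $root.Close() }
}

$found = @()
foreach ($view in 'CLSID', 'Wow6432Node\CLSID') {
    $hits = @(Get-VgxRegistration -SubKeyPath $view)
    foreach ($h in $hits) {
        "STILL REGISTERED [$view] $($h.Clsid) -> $($h.Server)"
    }
    $found += $hits
}

if ($found.Count -eq 0) {
    'vgx.dll is not registered in either registry view.'
}
```

Run it before and after the two `regsvr32 -u` commands; any `STILL REGISTERED` line after unregistering names the view whose command still has to be run.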

I received a security patch for my Win 7 machine from Microsoft for this exploit yesterday. I was glad that Microsoft has decided to let XP users receive the security update for this zero-day vulnerability as well. I think that was a rather wise move considering how many folks and businesses are still using this outdated platform worldwide.
