Microsoft has released Security Advisory 2963983, which covers a new “zero day” attack threat to Internet Explorer. All versions of IE are affected – from v6 to the latest release v11 on Windows Server versions 2003, 2008, and 2012, including Windows Desktop versions XP, 7, and 8.x. At this time there are no patches available from Microsoft, and there is currently no ETA for a patch release. Since XP is no longer under Microsoft support, it is unlikely that it will receive a security patch update.
Until a patch is released, here is a summary of the current workarounds:
Configure & deploy Enhanced Mitigation Experience Toolkit (EMET) 4.1+
- EMET is a free utility that helps protect Windows applications by restricting the way they are allowed to run in memory.
- EMET can initially take time to configure and requires testing for application functionality.
Turn up the built-in Internet Explorer security zones
- A quick fix that can be set by policy – turning up security zone settings to block ActiveX and Active Scripting will prevent this exploit from running.
- Disabling ActiveX and Active Scripting may also prevent other sites from working correctly – they will need to be manually added to the IE “trusted sites” to function correctly.
Unregister VGX.DLL
- A quick fix that will prevent this exploit from running.
- VGX is responsible for displaying VML (Vector Markup Language) – unregistering this DLL removes any and all VML functionality, which could break other websites.
Enable EPM (only applies to Win7/Win8/Server 2012 R2)
- Enabling Enhanced Protection Mode will prevent this exploit from running.
- Other website functionality shouldn’t be affected due to how EPM is implemented.
According to other sources, there are additional immediate workarounds that require disabling and/or uninstalling Flash.
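To confirm that the security-zone workaround has actually taken effect on a host, the added PowerShell example below (not part of the advisory) reports the state of ActiveX and Active Scripting in the Internet and Local intranet zones. The registry locations, the URL action codes 1200 and 1400, and the lookup order are not given on this page; the order shown assumes the `Security_HKLM_only` policy is not set.

```powershell
# Added audit example: are ActiveX and Active Scripting disabled in the
# Internet (3) and Local intranet (1) zones, as the zone workaround intends?
$actions = @{ '1200' = 'Run ActiveX controls and plug-ins'; '1400' = 'Active scripting' }
$zones   = @{ 1 = 'Local intranet'; 3 = 'Internet' }
$meaning = @{ 0 = 'Enabled'; 1 = 'Prompt'; 3 = 'Disabled'; 65536 = 'Administrator approved' }

# Hives in the order assumed here: machine policy, user policy,
# user preference, machine default. The first hive holding the value wins.
$suffix = 'Microsoft\Windows\CurrentVersion\Internet Settings\Zones'
$roots  = @(
    "HKLM:\SOFTWARE\Policies\$suffix",
    "HKCU:\Software\Policies\$suffix",
    "HKCU:\Software\$suffix",
    "HKLM:\SOFTWARE\$suffix"
)

function Get-ZoneAction {
    param([int]$Zone, [string]$Action)
    foreach ($root in $roots) {
        $key   = Join-Path $root $Zone
        $props = Get-ItemProperty -Path $key -Name $Action -ErrorAction SilentlyContinue
        if ($null -ne $props) {
            return [pscustomobject]@{ Value = [int]$props.$Action; Source = $key }
        }
    }
    return $null   # value not present in any hive
}

$report = foreach ($zone in ($zones.Keys | Sort-Object)) {
    foreach ($action in ($actions.Keys | Sort-Object)) {
        $hit = Get-ZoneAction -Zone $zone -Action $action
        [pscustomobject]@{
            Zone      = $zones[$zone]
            Setting   = $actions[$action]
            State     = if ($hit) { $meaning[$hit.Value] } else { 'Not set' }
            Mitigated = [bool]($hit -and $hit.Value -eq 3)   # 3 = Disabled
            Source    = if ($hit) { $hit.Source } else { '' }
        }
    }
}

$report | Format-Table -AutoSize
```

Run it in the context of the user being audited, because the HKCU hives are per user. Any row with `Mitigated` set to False means the workaround is not in force for that zone and setting.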
Each and every environment is different, and for that reason, you must carefully consider which option works best for your organization. At a minimum, educate your employees about Internet security, and ensure your company’s computer usage policy is being followed. Each unsuspecting user has the ability to click on a compromised site, impacting your environment. If you determine that system changes are in order, keep in mind that there is a trade-off with increased security, such as the inability to access sites that no longer function properly. The risk/benefit analysis will be a factor in the path you determine.