Zero-Day Exploit targeting Internet Explorer

Official Reference: CVE-2014-1776
More Information: Microsoft Security Advisory 2963983
Update Issued May 1, 2014: Microsoft Security Bulletin MS14-021 – Critical

Researchers at FireEye Research Labs have identified an Internet Explorer (IE) zero-day exploit that has been used in targeted attacks. This vulnerability will affect IE6 through IE 11 but targeted attacks have been specifically targeting IE 9, 10, and 11.

The vulnerability is a remote code execution vulnerability and exists in the way Internet Explorer accesses Flash objects in memory. In a web-based attack the attacker would host a web site that contains a webpage used to exploit the vulnerability the attacker would dupe victims into visiting the attack page by clicking links contained in an email or instant message.

According to researchers at FireEye there are steps administrators can take that will “break” the exploit. These include EMET 4.1 and 5.0 and using Enhanced Protected Mode in IE, available in IE 10 and 11.

The exploit requires the Adobe Flash plug-in to be present in the browser and disabling the Flash plug-in within IE will prevent the exploit from functioning.

To disable Flash in Internet Explorer

  1. Start Internet Explorer
  2. Go to Tools -> Manage Add-ons
  3. On the left side change the “Show” Drop Down List to All add-ons On the right side select the Adobe Shockwave Flash Player Click Disable