Microsoft has warned Internet Explorer users of a remote code execution vulnerability (CVE-2014-1776 ) that is present in versions 6 through 11. The company is aware of limited, targeted attacks aimed at exploiting the vulnerability, the Redmond outfit said in a security advisory issued on Saturday.
According to FireEye, the security firm that brought the bug to Microsoft’s notice, it is aware of an ongoing attack targeting the said vulnerability in Internet Explorer 9 through Internet Explorer 11. The firm also pointed out that the targeted versions alone accounted for over a quarter of the overall browser market in 2013.
“Threat actors are actively using this exploit in an ongoing campaign which we have named ‘Operation Clandestine Fox,’” FireEye said in a blog post Saturday. “However, for many reasons, we will not provide campaign details. But we believe this is a significant zero day as the vulnerable versions represent about a quarter of the total browser market. We recommend applying a patch once available.”
Microsoft says that it is still investigating the issue and will, upon the completion of its probe, either release a fix as part of its monthly security update release process, or issue an out-of-band security update. In the meantime, IE users could use the workarounds suggested by Microsoft to thwart the attack. These include: deploying the Enhanced Mitigation Experience Toolkit (EMET) 4.1; setting Internet and Intranet security zone settings to “High”, unregistering VGX.DLL; modifying the Access Control List on VGX.DLL to be more restrictive; and enabling Enhanced Protected Mode for IE11 and enabling 64-bit processes for Enhanced Protected Mode.
“An attacker who successfully exploited this vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights,” Microsoft said in the security advisory.
“An attacker could host a specially crafted website that is designed to exploit this vulnerability through Internet Explorer and then convince a user to view the website. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit this vulnerability. In all cases, however, an attacker would have no way to force users to view the attacker-controlled content.”