New IE Zero Day is Actively Exploited In Targeted Attacks

Right after a week from September Patch Tuesday, Microsoft had to rush a “Fix It” workaround tool to address a new zero-day Internet Explorer vulnerability (CVE-2013-3893), which is reportedly being actively exploited in certain targeted attacks.

As Microsoft advised, the said exploit is targeting a Use After Free Vulnerability in IE’s HTML rendering engine (mshtml.dll). Though the exploits out there are implemented entirely in JavaScript, an attacker can choose to use Java, Flash, VBScript, etc. as well. For more technical information about the vulnerability, you can check Microsoft’s page.

Once this , the attacker may corrupt the memory in such a way that could allow execution of arbitrary code in the context of logged-in user. To do so, an attacker must persuade its victim to browse an exploit-hosting website by way of phishing, spam or social networking sites. As per Microsoft Security Advisory (2887505), all IE versions (from version 6 to 11) are affected by this vulnerability.

Trend Micro Deep Security and Intrusion Defence Firewall (IDF) customers can use the following DPI rule to protect their hosts from attacks around (CVE-2013-3893):

1005689 – Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2013-3893)

Users are also advised to make use of Microsoft’s “Fix It” workaround tool and avoid visiting unverified links, websites or open any email messages from unknown/dubious senders. We will update this blog once we have more information about this threat.

Post from: Trendlabs Security Intelligence Blog – by Trend Micro

New IE Zero Day is Actively Exploited In Targeted Attacks