Microsoft announced last Saturday that all versions of Internet Explorer are vulnerable to attack. In Security Advisory 2963983, Microsoft reported a vulnerability that could allow remote execution of software (“remote code execution”). In this case, that means an attacker could execute arbitrary code as if the attacker were the user running the browser. So if you logged in to your PC as user “Alice” and Alice has full administrator privileges, the attacker could do virtually anything he or she wanted to do. The bug was discovered by security firm FireEye.
In the advisory Microsoft recommends multiple ways to mitigate the issue. The first is “Deploy the Enhanced Mitigation Experience Toolkit 4.1”. I must admit that I was unfamiliar with EMET so I had to do some reading. I don’t manage any large networks of Windows machines these days, so EMET sounded interesting.
When I followed the link in the Advisory, the first thing the article told me was that it applied to a different version of Windows than I was using. Since I’m using Windows 7 Professional, I was a bit surprised. I later found that I could indeed use EMET, but I haven’t done so yet, as I don’t have a non-production machine to test it on right now (if you’ve tested it, please let me know in the comments below).
To shorten a long story about investigating EMET, I found that it is a tool to stop some potentially dangerous behaviors of software. It has to be enabled for each software tool to be protected, and some software relies on what it considers potentially dangerous, so it can’t be used to protect those tools. To download it, see http://technet.microsoft.com/en-us/security/jj653751. To see what software is incompatible, see http://support.microsoft.com/kb/2909257. As I mentioned, I didn’t go this route, as I kind of hate to install software with which I’m unfamiliar on one of the office machines I use for everyday work. I’ll try it on a client’s testbed in a week or so when I get the opportunity, and I will let you know if I learn anything.
Yesterday as I write this (29 April 2014), Gizmodo announced that Adobe has released a patch for the Flash-enabled flaw.
What I did personally was to follow the second piece of advice in the Advisory and disable ActiveX in my browser. I also disabled Flash, as some sites have reported that Flash is required for the known attacks. As of this writing, Microsoft has not announced a patch.
As we note in Learning Tree Course 468, System and Network Security Introduction, all software is susceptible to bugs or security issues regardless of manufacturer. Our advice there, and here, is to be vigilant, apply patches (after testing, of course), and keep up with security information. Please let us know in the comments below what you’re doing about this bug and your experiences with EMET.
To your safe computing,