Block Zero Day Exploit (How To)

Microsoft has publicly disclosed more information about the zero-day exploit (and ways to block it) following its security advisory on the Internet Explorer 6 vulnerability.

Vulnerability explained

"The vulnerability is an Internet Explorer memory corruption issue triggered by an attacker using JavaScript to copy, release, and then later reference a specific Document Object Model (DOM) element. If an attacker is able to prepare memory with attack code, the reference to a random location of freed memory could result in execution of the attacker’s code," Jonathan Ness, Software Security Engineer working with the Security Research & Defense team, said in a blog post.

"The vulnerability is present in Internet Explorer 6, Internet Explorer 7, and Internet Explorer 8. All versions may crash after opening the attack code. However, there are a number of ways to limit the attack to an IE crash and prevent attacker code execution," he added.

[Table: IE6 vulnerability. Table courtesy of Microsoft]

I think this vulnerability is the same as the one used by attackers to launch zero-day attacks that hit several web sites worldwide, including the PRC website. In our previous post, we discussed zero-day (or zero-hour) attacks. The term sounds scary, but don't worry about the attack: Microsoft has already provided ways to block code execution, as follows:
  • Disable JavaScript. It's easy to do this, but most websites may not work properly if this workaround is applied.
  • Enable DEP. Data Execution Prevention (DEP) prevents the execution of code from pages of memory that are not explicitly marked as executable. This is especially useful if you've been sent code hidden in .gif or .au files, among other risks.
To check if DEP is enabled in your system, go to My Computer > Advanced system settings > Advanced tab > Settings... > Data Execution Prevention.
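
The same check can be done from a prompt. The script below is an added example, not code from the original post or from Microsoft: it reads the system-wide DEP policy from WMI and asks Windows whether each running `iexplore` process actually has DEP turned on. It assumes Windows PowerShell 2.0 to 5.1 and a Windows version that exports `GetProcessDEPPolicy` (XP SP3, Vista SP1 or later); the `DepCheck.Native` type name is made up for this example.

```powershell
# Added example: report the system DEP policy and the per-process DEP state of Internet Explorer.
# Assumes Windows PowerShell 2.0-5.1 (Get-WmiObject, Add-Type).

$policyNames = @{
    0 = 'AlwaysOff: DEP disabled for all processes'
    1 = 'AlwaysOn: DEP enabled for all processes'
    2 = 'OptIn: only Windows system components and programs that opt in'
    3 = 'OptOut: all processes except those explicitly excluded'
}

# System-wide settings exposed by the Win32_OperatingSystem WMI class
$os     = Get-WmiObject -Class Win32_OperatingSystem
$policy = [int]$os.DataExecutionPrevention_SupportPolicy
"Hardware DEP available : $($os.DataExecutionPrevention_Available)"
"DEP for 32-bit apps    : $($os.DataExecutionPrevention_32BitApplications)"
"System DEP policy      : $policy ($($policyNames[$policy]))"

# P/Invoke wrapper for kernel32!GetProcessDEPPolicy (type name is hypothetical)
Add-Type -Namespace DepCheck -Name Native -MemberDefinition @'
[DllImport("kernel32.dll", SetLastError = true)]
public static extern bool GetProcessDEPPolicy(IntPtr hProcess, out uint lpFlags, out bool lpPermanent);
'@

$ieProcesses = @(Get-Process -Name iexplore -ErrorAction SilentlyContinue)
if ($ieProcesses.Count -eq 0) { 'No running iexplore processes found.' }

foreach ($p in $ieProcesses) {
    try {
        $flags = [uint32]0
        $permanent = $false
        if ([DepCheck.Native]::GetProcessDEPPolicy($p.Handle, [ref]$flags, [ref]$permanent)) {
            $enabled = ($flags -band 1) -ne 0    # bit 0 = PROCESS_DEP_ENABLE
            "iexplore PID $($p.Id): DEP enabled = $enabled, permanent = $permanent"
        } else {
            # The API only reports on 32-bit processes; 64-bit processes always run with DEP.
            "iexplore PID $($p.Id): no per-process policy reported (expected for a 64-bit process)"
        }
    } catch {
        # Opening a handle fails for processes owned by another user or integrity level.
        "iexplore PID $($p.Id): could not open process ($($_.Exception.Message))"
    }
}
```

A system policy of 2 (OptIn) together with `DEP enabled = False` for a browser process means the workaround is not in effect for that process.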

If you're too lazy to do it, just use the Microsoft Fix It tool to enable DEP in Windows XP and Vista. Windows 7 users need not do it; DEP is enabled by default in this latest OS.

That's it. This is very important; don't take it for granted. I know there's still a fraction of users on IE even though this area of interest is dominated by rival browser Firefox based on data from users accessing this site.
