Microsoft Issues Workarounds for New Internet Explorer Zero-Day Exploit

FireEye Research Labs recently discovered a zero-day exploit currently being used in targeted attacks on Internet Explorer. The newly identified exploit uses Adobe Flash as a vector for hackers to surreptitiously hijack vulnerable computers.

While the vulnerability is present in IE versions 6 through 11, only IE 9 and higher have thus far been targeted.

Microsoft has issued two workarounds to counter the exploit while it works on a fix. The first is to run Internet Explorer 10 and 11 on 64-bit systems in Enhanced Protected Model:

Internet Explorer 10 and Internet Explorer 11 users can help protect against exploitation of this vulnerability by changing the Advanced Security settings for Internet Explorer.

You can do this by enabling Enhanced Protected Mode (EPM) settings in your browser. This security setting will help protect users of Internet Explorer 10 on Windows 7 for x64-based systems, Windows 8 for x64-based systems, and Windows RT, and Internet Explorer 11 on Windows 7 for x64-based systems, Windows 8.1 for x64-based systems, and Windows RT 8.1.

The other workaround for both 32-bit and 64-bit Windows systems requires users to unregister the VGX.DLL file used for vector graphics rendering. To do this, the advisory provides commands to enter in an elevated command prompt.

FireEye has named one ongoing campaign underway by hackers that takes advantage of the new IE zero-day exploit “Operation Clandestine Fox.” It did not provide any additional details about it, however.

The versions of IE that have been targeted so far — IE 9, 10 and 11 — accounted for 26.25 percent of the total browser market last year, according to NetMarket Share.