Researchers: We've cracked Microsoft fix for Windows IE zero day exploit

Summary: According to reports, a team of researchers has cracked the temporary fix released by Microsoft for a zero-day exploit found in Internet Explorer.

A team of researchers at Exodus Intelligence say they have cracked the temporary fix released by Microsoft for a zero-day exploit found in Internet Explorer.

The security researchers at the firm say they have managed to bypass Microsoft's "Fix It" solution, which was recently released as a temporary measure. The original vulnerability came to light several weeks ago and affects various versions of Internet Explorer.

Security researcher Eric Romang originally found four files while looking around a compromised server: an executable, a Flash Player movie and two HTML files called exploit.html and protect.html. Together they form a chain: when a user visits the exploit.html page, it loads the Flash movie, which in turn loads the other HTML page. Afterwards, the executable is dropped onto the victim's computer, which allows the attackers to place any file they wish on the machine and take control of it via malware or bots.

The vulnerability lies in the way IE accesses an object in memory that may have been corrupted, either because the memory was deleted or because it was improperly allocated; successful exploitation gives an attacker access with the privileges of the logged-on user.

Once made aware of this security flaw, Microsoft released a free security tool, called the Enhanced Mitigation Experience Toolkit (EMET), or Fix It, which is meant to prevent hackers from gaining access to Windows-based systems. The fix is currently available on Microsoft's website.

Reports suggest the exploit was recently used in a number of cyberattacks against political and manufacturing websites, including the Council on Foreign Relations in the U.S., and Uygur Haber Ajanski, a Chinese website focused on human rights.

Brandon Edwards, VP of Intelligence at Exodus, told Threat Post that the firm examined Fix It to determine how well the temporary patch covered the vulnerability. Edwards commented:

"Usually, there are multiple paths one can take to trigger or exploit a vulnerability. The Fix It did not prevent all those paths. The Fix It covered paths used by the exploit, but not all the ways the vulnerability can be reached. A full patch should eliminate all those possibilities."

Exodus will not release specific details of its bypass until Microsoft has patched the vulnerability, but if white-hat researchers have already managed to defeat the fix, there is no reason to believe malware authors have not done so as well.

Talkback

18 comments
  • Flash is involved? Imagine that.

    Nothing like a company releasing a fix, only to be undermined by another company's plug-in.
    Snooki_smoosh_smoosh
  • Researchers: We've cracked Microsoft fix for Windows IE zero day exploit

    It took this long for them to crack the Fix It, so you could say it worked for a while. You would also need to get a user to go to the exploit page, and if that is different from the same 5 sites they usually go to then it's not going to happen.
    Loverock-Davidson
    • Folks only going to five sites, LOL!

      No one out there using the internet does any type of searches, do not click links.

      How funny...
      daikon
      • They do searches

        But it will take them to one of their already known list of safe sites. You won't see this exploit happen on the more popular sites which is what search results lead you to.
        Loverock-Davidson
        • Except that if the user clicks a banner ad that

          sends them to a bad site, then it is game over.

          The average user does not know better.
          Snooki_smoosh_smoosh
    • You could say a lot of things

      “It took this long for them to crack the fix it so you could say it worked for a while”

      One has to know about it and one has to manually install it. Joe Consumer comes to mind.
      RickLively
  • EMET != Fix it

    EMET has been around for years, and is an all-purpose exploit mitigation tool. The Fix it was released specifically for this vulnerability, and has been reported to have been bypassed.
    forrestgump2000@...
  • Let me see now...

    First, I have to go looking for a specific website (or happen to stumble upon one). Then I have to see a movie pop up and (since the Eolas lawsuit) click on it to actually play it. Then let it play. Then let it finish and go to another Website. Then let that website do its thing. Then end up with something on my PC.

    Whew. This isn't a Microsoft problem - it's a darned stupid user problem. And they actually had it patched to prevent stupidity for a while. And Flash is involved. Shows how much it's the user as well as the software that needs to be fixed. No amount of either proactive or reactive bug fixing can help.
    jwspicer
    • Nice way of trying to downplay it there.

      First part was correct, but the movie can be set to auto-play like 90% of Flash video; then that Flash video will automatically redirect you to the second webpage where the payload is dropped.

      So you got a 33% = F. Better luck next semester.
      Anthony E
      • Don't play videos from servers

        What kind of IT professional is browsing randomly from their server anyway?
        goingbust
        • Less than 0.01%

          But the people that exploited the server attempt to get other people to access the server to view the payload. That's how redirects and email spam work.
          The same question could be asked: what kind of IT professional would use unpatched software, or what kind of IT professional would browse websites on a live production server?
          Anthony E
  • use windows in a VM

    I'm not out to bash Windows, but really, why aren't people using Mac or Linux PCs and running their necessary Windows apps in a virtual machine guest, off the network as much as possible? Access the internet from the host OS only and don't worry about viruses. No antivirus required.

    Fanboys can rest assured they are still supporting their favorite company by still actually using Windows, continuing to funnel their dollars into Ballmer's pockets, as this is very important to them.

    Actually, I'm glad people are not doing this, keeping the usage shares low and keeping these other OSs off the virus writers' radar.
    drwong
    • Some do.

      Myself, I have Boot Camp & VMware, but I also have an ESXi server with TeamViewer. I have VMs of my old Windows desktops and clean VMs for questionable browsing (spam from friends, questionable FB links, etc.).
      Anthony E
    • Too much complexity with no benefit.

      n t
      ye
    • Linux I could understand, but not OS X

      There is a lot of malware out there for OS X. It isn't a safe OS at all.

      There are so few desktop Linux users that you are right, no one bothers to make any malware for desktop Linux, it simply isn't worth it.

      However, mobile Linux is the least safe OS out there.
      toddbottom3
      • Todd, Write up an article

        Send it to Larry with your resume.

        “However, mobile Linux is the least safe OS out there.”
        daikon
      • OSX is not virus-free

        But there is very little chance you will get drive-by installations when you visit a website with ANY of the browsers available for the platform.

        You actually have to manually install the malware and approve the installation. And even secure people can get hit (just like in Windows) ... by having malware distributed with an official package.

        And yes .... you should have an anti-virus installed ... Sophos is a good one ... and free.
        wackoae
  • IE will never be secure

    It's been having ongoing security problems since its debut in the early '90s, and despite a long history of promises and claims by Microsoft, nothing's really changed. While all browsers have periodic security issues, IE's tend to be much more catastrophic thanks to its completely artificial tie-ins with the OS and its overall poor coding.
    JustCallMeBC