Protect Internet Explorer from watering hole attack

Public reports on the Internet describe a serious remote code execution vulnerability in Microsoft Internet Explorer. The vulnerability only affects Internet Explorer 6, Internet Explorer 7 and Internet Explorer 8. Internet Explorer 9 and Internet Explorer 10 are not affected. At the time of writing, Microsoft is aware of this vulnerability in Internet Explorer 8 only.

Windows Server 2003, Windows Server 2008 and Windows Server 2008 R2 run Internet Explorer in a restricted mode, known as Enhanced Security Configuration, which mitigates this vulnerability. For more information, refer to Microsoft Security Advisory 2794220.

Attackers were using a technique called “watering hole”, whereby attackers compromise a genuine web page (or more than one web page) and use it to deliver a malicious payload to a Windows system running one of the Internet Explorer versions mentioned above. What was interesting about this attack was that the attackers used only a few lines of JavaScript code to execute the exploit. Note: If you set your default language to anything other than US English, Chinese, Japanese, Korean or Russian you wouldn’t be affected by this exploit.

Given that the threat to Internet Explorer users is very real, here are some simple options to consider:

  • Upgrade to Internet Explorer 9 – this would be the straightforward option
  • Set Internet Explorer settings for Internet and Intranet to HIGH – this will block the exploit from running
  • Alternatively you could look to use another browser such as Google Chrome or Mozilla Firefox which are not affected by this exploit
  • Use Microsoft’s Enhanced Mitigation Experience Toolkit (EMET) – this is not for novices
  • Consider using a web browser script blocker – see bootnote
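
To check a machine against the first two options, the following PowerShell audit is an added example, not something from Microsoft or the original post. It assumes the standard per-user IE zone registry layout (zone 1 = Local intranet, zone 3 = Internet; action 1400 = Active scripting, 1200 = ActiveX controls and plug-ins; value 3 = Disable; template 0x12000 = High) and only reads values, it changes nothing.

```powershell
# Added example: read-only audit of the IE version and zone settings.
# Zone numbers, action IDs and values are the documented IE security zone
# registry entries; the output wording is this example's own.
$ieKey    = 'HKLM:\SOFTWARE\Microsoft\Internet Explorer'
$zoneRoot = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones'
$zones    = @{ 1 = 'Local intranet'; 3 = 'Internet' }
$actions  = @{ '1400' = 'Active scripting'; '1200' = 'ActiveX controls and plug-ins' }

# IE 10 and later keep "Version" at 9.x and store the real version in "svcVersion".
$ie  = Get-ItemProperty -Path $ieKey -ErrorAction SilentlyContinue
$raw = if ($ie.svcVersion) { $ie.svcVersion } else { $ie.Version }
if (-not $raw) {
    Write-Output 'Internet Explorer version not found in the registry.'
} else {
    $major = [int]($raw -split '\.')[0]
    $state = if ($major -le 8) { 'AFFECTED (IE 6-8)' } else { 'not affected' }
    Write-Output "Internet Explorer $raw : $state"
}

foreach ($id in ($zones.Keys | Sort-Object)) {
    $z = Get-ItemProperty -Path "$zoneRoot\$id" -ErrorAction SilentlyContinue
    if (-not $z) { Write-Output "$($zones[$id]): zone key missing"; continue }

    # The High template is what the "HIGH" slider position records.
    $level = if ($z.CurrentLevel -eq 0x12000) { 'High' }
             else { 'NOT High (0x{0:X})' -f $z.CurrentLevel }
    Write-Output "$($zones[$id]) zone template: $level"

    # The individual actions decide what actually runs, so check them as well.
    foreach ($a in ($actions.Keys | Sort-Object)) {
        $v  = $z.$a
        $ok = if ($v -eq 3) { 'disabled' } else { "NOT disabled (value $v)" }
        Write-Output "  $($actions[$a]) [$a]: $ok"
    }
}
```

Zone settings enforced through Group Policy are stored under the Policies hive and take precedence over these per-user values, which this example does not read.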

Microsoft is also working on a one-click Fix it tool, called a ‘shim’, which will block the vulnerable code paths. We will update our readers when this is released into the public domain. More information about Fix it.

UPDATE: Jan 1st 2013 – Microsoft releases Fix it tool

Bootnote: Do you want to manage and control what websites collect from your computer? If so, I suggest you read further on how to block browser scripts from running, as using these script blockers would stop this exploit from being installed/run.

Safe surfing folks!
