Internet Explorer Zero-Day Vulnerability (CVE-2014-1776)

Risk Rating: Critical
Industries Impacted: All
Urgency: Immediate

 

What's the issue?

A newly discovered vulnerability in Microsoft Internet Explorer versions 6 to 11 was publicly acknowledged by Microsoft on April 26th, 2014. This is a ‘zero-day’ vulnerability, meaning it was previously unknown. Threat actors are currently exploiting this vulnerability to bypass protection mechanisms used by Microsoft Windows to conduct advanced persistent threat (APT) style attacks.

The vulnerability allows an attacker to download code to a victim’s computer without their knowledge. This code allows the attacker to create a back door to a computer from which numerous exploits can be launched to obtain access to sensitive information, install software to remotely control the system and perform data exfiltration, or propagate an attack from a victim’s machine to others (botnet).

The vulnerability exists due to a flaw in Internet Explorer and how it accesses system memory. PwC is aware of at least one published ‘zero-day’ exploit that uses malicious Adobe Flash files in order to successfully attack systems. There may be other unpublished exploits.

What is the potential impact?

Attackers could leverage this vulnerability to introduce customized malware, rootkits or other APTs to conduct targeted attacks on systems, with little or no perceived user detection (‘Drive-by’ scenarios). A likely method of attack would require users to visit an attacker-hosted website with malicious content. Typically, this would be achieved through exploiting a lack of information security awareness. Attackers would use social engineering techniques, such as sending unsolicited e-mails or instant messages trying to convince users to click on malicious links or open attachments.

Internet Explorer is vulnerable on both desktop and server versions of Windows. However, in the out-of-the-box default configuration on Windows server versions, Internet Explorer runs in a special secure environment known as ‘Enhanced Security Configuration,’ which defends against this issue.

What can you do?

Tactical

  • Microsoft has released a security bulletin (MS14-021), which includes security updates that address this vulnerability. Security updates for Windows XP have also been released, even though Microsoft has stopped offering support for this operating system.
  • Install and configure the Microsoft Enhanced Mitigation Experience Toolkit (EMET) version 4.1. In the recommended configuration, EMET protects Internet Explorer from such attacks.
  • Update Adobe Flash for Internet Explorer to address the publicly available exploit; Internet Explorer would, however, still remain vulnerable unless the security updates from Microsoft have been installed.
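
The tactical guidance above can be applied to a host inventory to decide where to patch first. The following is an added example, not part of the original advisory: the CSV column names and the sample hosts are constructed assumptions, and the classification follows only what the advisory states (MS14-021 fixes the issue, EMET 4.1 and Enhanced Security Configuration defend against it, a Flash update alone leaves Internet Explorer vulnerable).

```python
import csv
import io

# Constructed sample inventory (not real hosts). The column names are
# assumptions for this example; map them from your own asset inventory export.
SAMPLE_INVENTORY = """host,os_role,ie_version,ms14_021_installed,emet_41_configured,ie_esc_enabled,flash_updated
ws-001,desktop,8,no,no,no,no
ws-002,desktop,11,yes,no,no,yes
ws-003,desktop,9,no,yes,no,no
ws-004,desktop,10,no,no,no,yes
srv-001,server,9,no,no,yes,no
srv-002,server,9,no,no,no,no
"""

def yes(value):
    """Interpret common truthy spellings found in inventory exports."""
    return value.strip().lower() in ("yes", "true", "1")

def classify(row):
    """Return (status, reason) for one host, following the advisory's guidance."""
    if not 6 <= int(row["ie_version"]) <= 11:
        return "out_of_scope", "IE version outside the affected range 6 to 11"
    if yes(row["ms14_021_installed"]):
        return "patched", "MS14-021 security update installed"
    # Everything below is unpatched: a mitigation may be active, but the flaw remains.
    if row["os_role"] == "server" and yes(row["ie_esc_enabled"]):
        return "mitigated", "Enhanced Security Configuration enabled, MS14-021 missing"
    if yes(row["emet_41_configured"]):
        return "mitigated", "EMET 4.1 configured, MS14-021 missing"
    if yes(row["flash_updated"]):
        return "vulnerable", "Flash update only addresses the published exploit"
    return "vulnerable", "no patch or mitigation in place"

def triage(inventory_text):
    """Classify every host in a CSV inventory; returns {host: (status, reason)}."""
    reader = csv.DictReader(io.StringIO(inventory_text))
    return {row["host"]: classify(row) for row in reader}

if __name__ == "__main__":
    order = {"vulnerable": 0, "mitigated": 1, "patched": 2, "out_of_scope": 3}
    results = triage(SAMPLE_INVENTORY)
    # Print the most exposed hosts first so they are patched first.
    for host, (status, reason) in sorted(results.items(), key=lambda kv: order[kv[1][0]]):
        print(f"{host:8} {status:12} {reason}")
```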

Strategic

  • Bolster your cyber security capability by employing a ‘defence-in-depth’ strategy for multiple layers of controls and monitoring based on comprehensive risk assessments and industry best practices.
  • Develop a security awareness campaign, which informs and educates employees about the dangers and risks of social engineering attacks.
  • Consider migration to a Windows 7-based workstation environment, if still using Windows XP; Microsoft has terminated support for Windows XP, including security updates, as of April 8, 2014 (unless specific arrangements have been made by you with Microsoft).

For a deeper conversation contact Salim Hasham, Partner, National Cyber Resilience Leader.


PwC’s Cyber Resilience practice
Our Cyber Resilience practice helps you envision a security strategy that aligns with your corporate goals by understanding and quantifying your risk environment. We transform your processes and tools to provide your business with the necessary technology tools to reach new markets, suppliers and partners while addressing continually changing customer demands. We work with you to protect what’s important by putting in place the right people and processes so that you’ll know where your critical information is and how to safeguard it. We help you respond quickly and efficiently should an urgent need arise.