Internet Explorer Zero-Day Flaw 2013

Posted on 2013-01-16
Last Modified: 2013-07-22
I am seeing articles about this topic all over the net and my company is using IE 8 as a standard apps browser and some of the apps involved sensitive data/information.

I did a search on Zero Day on Expert Exchange but the results given were posted on 2011, are they the same thing?

I saw the posts were stating fixit patch that was released few days ago didn't help and that the permanent solution was to upgrade to IE9 and above.

Should I be alarmed by this IE flaw since everyone in my company are using IE8?
If so is there any countermeasure that I can consider of?
Question by:mondainai
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
LVL 38

Accepted Solution

Rich Rumble earned 168 total points
ID: 38787403
Make sure your users are not Administrators of their machines, Windows 7 by default makes it this way, but often people over-ride it for their users, making them Admins of their machines. That's the biggest no-no in all of IT. The second mitigating factor is to apply the M$ EMET tool to all programs that users use, Adobe (flash/reader/shockwave), Java, Office, IE, FireFox, Chrome etc... It's a great tool that I've used since it came out, no issues what so ever, but your mileage may vary.
LVL 64

Assisted Solution

btan earned 166 total points
ID: 38787441
IE was having serious of event of such serious and of high risk rating because public exploit ia available and even free pentest tool has ready exploit package using it since end Sept 2012. It mentioned successfully attack the vulnerability on Internet Explorer versions 7, 8 and 9 on Windows XP, Vista and 7.

But I believe you are referring to this and that is another targeted real attack on IE (again) using flash exploit. The seriousness is because of the water hole effect where website(s) itself become a hosting malware of the flash waiting for more user to visit it.

According to Microsoft, the issue is "under limited exploit in the wild"; however, there is a Metasploit module available which can theoretically exploit the hole.

But since Dec with this hotting up, MS out-of-band security update for the critical security hole that affects Internet Explorer 6, 7 and 8 is now available as of 14 Jan. MS had previously released a "Fix it" patch, which had subsequently been worked around by security researchers. If users have installed the "Fix it", they do not need to uninstall it as it does not interfere with the operation of the update, but MS suggests that it should be removed after the update. MS also reminds users that, where possible, they should update to Internet Explorer 9 which is not vulnerable to this hole.

You may want to check out this on MS FAQs

Q: If EMET was used to mitigate the possible attack, should this be removed once the patch is successfully installed?

A: EMET is not only effective to mitigate possible attacks of this issue, but it's a useful tool to mitigate several classes of attacks. EMET adds several layers of mitigations to the ones already present in the operating system. If EMET works for your environment we recommend keeping it enabled to mitigate future attacks.
LVL 55

Assisted Solution

McKnife earned 166 total points
ID: 38789206

It's important to know what flaw you are talking about. This? is fixed.

You have to be aware that using the web is always risky, not only when so called zero-day exploits are on the news. It's risky every day because dumb users might send out your company's data simply because they don't understand, what they are been tricked into.
Apply patches but be aware that there might be more holes that some people know but you don't.

Featured Post

Free NetCrunch network monitor licenses!

Only on Experts-Exchange: Sign-up for a free-trial and we'll send you your permanent license!

Here is what you get: 30 Nodes | Unlimited Sensors | No Time Restrictions | Absolutely FREE!

Act now. This offer ends July 14, 2017.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

SHARE your personal details only on a NEED to basis. Take CHARGE and SECURE your IDENTITY. How do I then PROTECT myself and stay in charge of my own Personal details (and) - MY own WAY...
I've been an avid user and supporter of Malwarebytes Premium Version 2.x for years. It's an excellent product that runs alongside just about any Anti-Virus application without issues. It seems to have an uncanny ability to pick up many things that A…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…
Michael from AdRem Software outlines event notifications and Automatic Corrective Actions in network monitoring. Automatic Corrective Actions are scripts, which can automatically run upon discovery of a certain undesirable condition in your network.…

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question