A new Day Zero vulnerabilty in nearly all versions of IE has been discovered and announced publicly by FireEye, a security company.
What is a Day Zero Vulnerability?
Also called Zero Day or Zero Hour (not to be confused with size zero) is any vulnerability for which the developer has not yet released a patch/fix.
What is “Clandestine Fox”?
The hacking operation carried out that uses the particular vulnerability found by FireEye (CVE-2014-1776) to attack and takeover systems.
Which versions of IE are affected?
Microsoft says its “Every supported version of IE” (read IE6 through IE11)
FireEye says that IE9 through IE11 are the most targeted.
Has a patch been released yet?
No. Which is why we are calling it “Zero day” at the time of going to the press.
Has anyone been attacked using this?
Microsoft said it is aware of “limited, targeted attacks” against the vulnerability (CVE-2014-1776) so far.
I use IE. What should I do?
Download and install its Enhanced Mitigation Experience Toolkit (EMET) 4.1 (not any previous version), a free tool that can improve security on Windows. According to FireEye, the exploit also can be blocked by running Internet Explorer in “Enhanced Protected Mode” configuration and 64-bit process mode, which is available for IE10 and IE11 in the Internet Options settings. Ensure you have layered security in place.
Ok. But I don’t see the fox eating XP.
Microsoft released the final set of patches for XP on April 8 2014. This means that you cannot patch this or any future vulnerability on XP. EMET does not protect XP either. So, if you have XP and use IE, you will always remain vulnerable.
Oh! I use XP. What should I do?
Get rid of it a.k.a. Upgrade to a newer supported version.
Information Security, SSAE 16, ISO 27001, CISA, Cert-IN
Comments are closed.