Trend Micro Helps Affected Users Navigate CVE-2014-1776 Vulnerability
Trend Micro Incorporated warns of, and provides mitigation for, the first Internet Explorer zero-day vulnerability (CVE-2014-1776) that will remain unpatched in Windows XP. To protect users against exploits leveraging this vulnerability, Trend Micro has released two rules to help reduce the threat until Microsoft provides a patch, and to protect unsupported operating systems (“OS”) such as Windows XP.
Announced over the weekend via the Microsoft Security Advisory 2963983, the CVE-2014-1776 vulnerability is due to the way Internet Explorer accesses an object in memory that has been deleted or has not been properly allocated. The successful exploitation of the vulnerability allows an attacker to execute arbitrary code in the context of the current user, allowing the attacker to run code on a victim system if the user visits a website under the control of the attacker.
“This vulnerability may linger unpatched in many systems for some time, as it is the first vulnerability affecting Windows XP systems that will not be patched. This means that for the millions of users still using this particular operating system, they will be left with a security hole that will never be fully fixed. The risk of using unsupported OS such as Windows XP is real, and this vulnerability is proof of that. We strongly encourage Windows XP users to migrate to a supported OS as soon as they can, and ensure their systems are protected as they plan for the migration,” comments Dhanya Thakkar, Managing Director, India & SEA, Trend Micro.
Users can be lured into opening specially crafted webpages in Internet Explorer through clickable links sent by email or instant message. The Adobe Flash file embedded in these malicious sites is then used to bypass Data Execution Prevention (DEP) and Address Space Layout Randomization (ASLR) protections on the target system. While attacks are only known against three IE versions, 9 to 11, the underlying flaw exists in all versions of IE in use today, from IE 6 through IE 11.