A temporary workaround to mitigate a zero-day vulnerability in Internet Explorer causes most Web pages to load improperly.
By Ron Condon, UK Bureau Chief
Researchers at Trend Micro Inc. are warning Internet Explorer users that the workaround Microsoft has proposed to block a new zero-day flaw in the browser breaks the functionality of most Web pages.
Microsoft warned last week that it is investigating a new vulnerability that affects all supported versions of Internet Explorer, and could lay it open to remote code execution. The company also said it is aware of targeted attacks that are already trying to exploit the vulnerability.
According to Microsoft, the flaw is a use-after-free condition: an invalid flag reference within Internet Explorer can, under certain conditions, be accessed after an object has been deleted. A specially crafted page that causes IE to access the freed object can lead to remote code execution.
Jonathan Leopando, a researcher with Trend Micro’s TrendLabs, warns that the temporary measures Microsoft advocates to block the flaw will cause most Web pages to load improperly in IE.
“The mitigating steps force the use of a user-specified CSS style sheet (breaking site formatting) and disabling scripting (disabling many site features),” he wrote, adding that users should also check that Data Execution Prevention (DEP) is enabled, to reduce the potential effects of any exploits.
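The three interim measures above (a user-defined style sheet, Active Scripting disabled in the Internet and Local intranet zones, and DEP) are all ordinary Windows and IE settings, so whether they are actually in effect on a machine can be audited. The script below is an added example, not code from the article, Microsoft or Trend Micro. It reads the standard per-user IE registry locations for the user style sheet and per-zone scripting settings and the system-wide DEP policy from WMI; the "expected" states it reports against are my assumptions about what the workaround should look like, not values taken from the page.

```powershell
# Added example: audit whether the interim IE mitigations are in effect
# for the current user. Registry paths are the standard IE settings
# locations; the expected states are assumptions, not from the article.

function Test-IEUserStylesheet {
    # Internet Options > General > Accessibility > "Format documents using my style sheet"
    $key = 'HKCU:\Software\Microsoft\Internet Explorer\Styles'
    $p = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    if ($p -and $p.'Use My Stylesheet' -eq 1 -and $p.'User Stylesheet') {
        # Also confirm the referenced CSS file actually exists.
        if (Test-Path -Path $p.'User Stylesheet') {
            return "User stylesheet ENABLED: $($p.'User Stylesheet')"
        }
        return "User stylesheet enabled but file missing: $($p.'User Stylesheet')"
    }
    return 'User stylesheet NOT enabled'
}

function Test-IEActiveScripting {
    # Zone 1 = Local intranet, Zone 3 = Internet.
    # Value name 1400 = Active Scripting (0 = Enable, 1 = Prompt, 3 = Disable).
    # Note: if the Security_HKLM_only policy is set, the effective values live
    # under HKLM instead of HKCU; this check only reads the per-user hive.
    $zones = @{ 1 = 'Local intranet'; 3 = 'Internet' }
    $results = @()
    foreach ($z in $zones.GetEnumerator()) {
        $key = "HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\$($z.Key)"
        $p = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
        $state = switch ($p.'1400') {
            0       { 'Enabled (workaround NOT applied)' }
            1       { 'Prompt' }
            3       { 'Disabled (workaround applied)' }
            default { 'Unknown / not set in HKCU' }
        }
        $results += "$($z.Value) zone Active Scripting: $state"
    }
    return $results
}

function Test-DEPPolicy {
    # System-wide DEP policy: 0 = AlwaysOff, 1 = AlwaysOn, 2 = OptIn, 3 = OptOut.
    # Under OptIn only processes that opt in are covered; IE8 opts in on
    # Windows Vista SP1 and later, earlier IE versions do not.
    $os = Get-WmiObject -Class Win32_OperatingSystem
    $policy = $os.DataExecutionPrevention_SupportPolicy
    $name = switch ($policy) {
        0       { 'AlwaysOff (no protection)' }
        1       { 'AlwaysOn' }
        2       { 'OptIn (only opted-in processes, e.g. IE8)' }
        3       { 'OptOut' }
        default { 'Unknown' }
    }
    return "DEP policy: $name ($policy)"
}

# Run the audit and print one line per finding.
Test-IEUserStylesheet
Test-IEActiveScripting
Test-DEPPolicy
```

Run it in the context of the user whose browser profile you care about, since the style sheet and zone settings are per-user; a result of "Unknown / not set in HKCU" for a zone usually means the value is being enforced by machine-wide policy rather than left at its default.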
The best way to avoid the problem, he says, is to upgrade to the Internet Explorer 9 beta, which is not affected by the flaw.
In the TrendLabs blog, Leopando said Trend Micro researchers have obtained a sample of the exploit for the vulnerability and analyzed it. The page that delivers the exploit downloads a backdoor, which in turn downloads several encrypted files; once decrypted, these contain the commands the backdoor will carry out.
“This makes exploiting the vulnerability easier, which means that attacks that target it will probably become more commonplace,” he wrote.