April 29, 2014 by Brad Garnett
Microsoft recently acknowledged and issued a security advisory (Microsoft Security Advisory 2963983) regarding a vulnerability that would allow remote code execution (RCE) in all published versions of Internet Explorer (versions 6-11). Remote code execution here means a drive-by installation of malicious code, delivered to the user's browser when the user visits a specially crafted website designed to exploit this vulnerability. If the PC user visits such a website and the attacker exploits the vulnerability, the attacker will have the same user rights on the local computer as the current user. If the current user has administrative rights, the attacker could take complete control of an affected computer and begin pivoting into other computers (or systems) on the local network. The attacker could create additional user accounts, install programs or additional malware as a backdoor into the computer, and edit or delete data.

The Department of Homeland Security (DHS) and other security companies are rating this at HIGH and CRITICAL impact score levels. In other words, this vulnerability (officially assigned CVE-2014-1776) is being used in targeted attacks with significant impact on a wide array of affected users, given IE's market share, and it is currently being actively investigated with no patch yet available. Microsoft will publish a solution or recommend users apply a patch once one is available. This vulnerability may become labeled the "VML bug", because it exploits the Vector Markup Language (VML), which is considered deprecated.
So what can I do?
Microsoft recommends the following workarounds and suggested actions:
Are you still a Windows XP user?
End of life for Windows XP was April 8, 2014. Microsoft no longer supports Windows XP and will not be releasing any updates for Windows XP. Un-register VGX.DLL and never re-register it. Contact your IT Consultant about options for upgrading your existing Windows XP computer systems. As a separate workaround until Microsoft releases a patch for this specific vulnerability, you can use an alternative browser such as Google Chrome or Mozilla Firefox for web browsing.
Please feel free to contact your Kemper IT Consultant about a solution that is specific to your environment.
References:
Microsoft Security Advisory 2963983 - https://technet.microsoft.com/en-us/library/security/2963983.aspx
National Vulnerability Database - http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1776