Researchers: We've cracked Microsoft fix for Windows IE zero day exploit
A team of researchers at Exodus Intelligence say they have cracked the temporary fix released by Microsoft for a zero day exploit found in Internet Explorer.
The security researchers at the firm say that they have managed to beat Microsoft's "Fix It" solution, which was recently released as a temporary measure. The original vulnerability came to light several weeks ago and is able to infiltrate various versions of Internet Explorer.
Security researcher Eric Romang originally found four files while stumbling around a compromised server; an executable, a Flash Player movie and two HTML files called exploit.html and protect.html. Together, when a user visits the exploit.html page, it loads the Flash movie, which in turn loads the other HTML page. Afterwards, the executable is dropped on to the victim's computer, which allows cyberattackers to drop any file they wish on to the machine and take control via malware or bots.
The vulnerability occurs in the way IE accesses an object in memory which may be corrupted, either due to memory deletion or improper allocation, which then gives an attacker access with user privileges.
Once made aware of this security flaw, Microsoft released a free security tool, called the Enhanced Mitigation Experience Toolkit (EMET), or Fix It, which is meant to prevent hackers from gaining access to Windows-based systems. The fix is currently available on Microsoft's website.
Reports suggest the exploit was recently used in a number of cyberattacks against political and manufacturing websites, including the Council on Foreign Relations in the U.S., and Uygur Haber Ajanski, a Chinese website focused on human rights.
Brandon Edwards, VP of Intelligence at Exodus told Threat Post that the firm looked at Fix It to try and determine just how well the temporary patch smoothed over the vulnerability. Edwards commented:
"Usually, there are multiple paths one can take to trigger or exploit a vulnerability. The Fix It did not prevent all those paths. The Fix It covered paths used by the exploit, but not all the ways the vulnerability can be reached. A full patch should eliminate all those possibilities."
Exodus will not release specific details of its crack until Microsoft has patched the vulnerability, but if white-hat researchers have already managed to crack the code, then there is no reason to believe malware coders have not already done so.