The latest Internet Explorer zero-day exploit targeting vulnerability CVE-2014-1776 has IT departments scrambling. Even the U.S. and U.K. governments advised computer users to use a different browser until Microsoft released a patch.
Microsoft released an emergence patch today for all versions of Windows including XP. Until a patch is deployed several actions can be taken:
- Deploy EMET, in FireEye’s tests they found that the exploit was broken and/or detected by EMET versions 4.1-5.0
- Use Enhanced Protected Mode (EPM) in IE10+ it was found to break the exploit
- The exploit relies on Adobe Flash to execute, so disabling the Flash plugin will also break the exploit. Adobe has also issued a patch for Flash that will fix the issue.
Tripwire Enterprise: Detecting Risky Configurations
These factors can also be used to identify what systems in particular were vulnerable during the time gap before a patch is deployed. Tripwire Enterprise has the ability for administrators to create flexible and custom rules to show and report what systems are protected using EMET, as well as which devices have Flash enabled.
Tripwire Enterprise Flash Policy Check (click for larger view)
Tripwire Log Center: Real-Time Intelligence To Detect IE Exploits
Tripwire Log Center integrates with intrusion detection systems such as Sourcefire and Palo Alto who have released detection rules to detect this exploit. Acting on alerts from IDS system, Tripwire Log Center is able to act on threats such as the Internet Explorer exploit in real-time.
Mitigating the Internet Explorer 0-Day Threat with Tripwire
Tripwire Log Center integrates tightly with Tripwire Enterprise for configuration data and Tripwire IP360 for vulnerability data. Combining this data with real-time threat alerts, Tripwire’s suite of of products can intelligently identify if the targeted system is vulnerable to the exploit and if its configuration puts it at further risk. We also identify the device’s business context to fully understand the risk its compromise poses to the organization.
As we have seen the past few weeks with Heartbleed and now Internet Explorer, application vulnerabilities can take different forms and require different methods of detection and mitigation.
There is no silver bullet when it comes to protecting your environment. Security requires multiple controls, intelligence and context to mitigate today’s threats given the multitude of attack vectors and tools available to your adversaries.
While you are cleaning up from Heartbleed and IE, attackers are already on to the next exploit, are you prepared?
- VERT Alert: Internet Explorer Memory Corruption Vulnerability Patch
- Heartbleed and Your SOHO Wireless Systems
- Stopping the Heartbleed
- Detecting Heartbleed Exploits in Real-Time
The Executive’s Guide to the Top 20 Critical Security Controls
Tripwire has compiled an e-book, titled The Executive’s Guide to the Top 20 Critical Security Controls: Key Takeaways and Improvement Opportunities, which is available for download [registration form required].
Title image courtesy of ShutterStock