Microsoft released an out-of-band emergency patch for the latest Internet Explorer zero-day vulnerability (CVE-2014-1776) for all versions of Windows including Windows XP.
Due to its exploit potential, patching or remediating vulnerability like this in a timely manner is crucial, which is why Tripwire offers a 24 hour SLA on critical Microsoft Security Bulletins. Within 24 hours of the Microsoft bulletin, Tripwire’s Vulnerability and Exposures Research Team (VERT) delivered vulnerability detection rules for CVE-2014-1776 to Tripwire IP360 customers.
However, as this is a pervasive issue affecting all versions of Internet Explorer since IE6, prioritizing remediation across large networks of Windows machines can be a daunting task.
Fortunately, Tripwire IP360 can help prioritize remediation by finding machines vulnerable to this vulnerability, and providing business context for affected machines based on asset and network values. Asset and network values allow security and IT operation teams to prioritize the work on critical assets to most effectively reduce risk
Once you’ve identified the critical assets affected by CVE-2014-1776, you can deploy the emergency patch or alternative actions.