Microsoft recently released a security advisory for a vulnerability in Internet Explorer (IE) that allows remote code execution. According to the report, the vulnerability, which affects IE 6, 7, and 8, is caused by an invalid flag reference within the browser and was initially found on a single site, which has since been taken offline.
Our researchers were able to acquire a sample of the exploit for the said vulnerability and have analyzed the threat. We detect the main page that delivered the exploit as HTML_BADEY.A. This page downloads a backdoor detected as BKDR_BADEY.A. This backdoor, in turn, downloads various encrypted files that when decrypted contain the commands that the backdoor will perform.
It is not clear when this vulnerability will be patched but until then, users can take some steps to protect themselves. The beta version of IE 9 is not affected by this vulnerability so users can upgrade to this version to protect themselves against this vulnerability. Other mitigating steps are mentioned in the advisory though these will cause most, if not all, sites to improperly load.
The mitigating steps force the use of a user-specified CSS sheet (breaking site formatting) and disabling scripting (disabling many site features). Users can also check that Data Execution Prevention (DEP) is enabled, which will help reduce the potential effects of any exploit. Instructions for these mitigation steps are found in the Microsoft security advisory.
Trend Micro users are well protected against this threat, as the malware used in this attack are already detected. We also suggest downloading Browser Guard, an IE add-on that protects against vulnerability exploits, including this one for free.
Share this article