A week after September‘s Patch Tuesday, Microsoft rushed a “Fix It” workaround tool to address a new zero-day Internet Explorer vulnerability (CVE-2013-3893), which is reportedly being actively exploited in certain targeted attacks.
Using this vulnerability, the attacker may corrupt the memory in such a way that could allow execution of arbitrary code with the rights of the logged-in user. To do so, an attacker must persuade its victim to browse an exploit-hosting website by way of phishing, spam or social networking sites. As per the Microsoft security advisory (2887505), all Internet Explorer versions (from version 6 to 11) are affected by this vulnerability.
Trend Micro Deep Security and Intrusion Defence Firewall (IDF) customers can use the following DPI rule to protect their hosts from attacks around (CVE-2013-3893):
- 1005689 – Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2013-3893)
Users are also advised to make use of Microsoft’s “Fix It” workaround tool and avoid visiting unverified links, websites or open any email messages from unknown/dubious senders. Other workarounds – like using non-IE browsers and avoiding running as an administrator account – should also be considered. We will update this blog once we have more information about this threat.