Here we go again. A major zero-day vulnerability in a widely deployed application, Internet Explorer, has been discovered. The usual cycle of discovery-disclosure-patch-announcement-exploitation has been reversed this time. FireEye Research Labs discovered the exploit being actively used in what they have dubbed “Operation Clandestine Fox.”
The fact that a zero-day in IE6 through IE11 is actively being exploited induced DHS CERT to warn people to stop using Internet Explorer until a patch is available. Millions of people stopped using IE many versions ago, so they are not impacted by this new attack vector. Of course all browsers have their issues; as Dan Kaminsky tweeted, “All browsers have 0day, and lots of it.”
Many enterprises have standardized on, and have written their applications to only work with, Internet Explorer. They are the ones who have to scramble. Katie Moussouris, a Microsoft security expert, suggests: “How to mitigate against the latest IE vulnerability? And break many more exploits? Install EMET! Even if you decide to switch browsers, install EMET!”
EMET (Enhanced Mitigation Experience Toolkit) is a tool developed by Microsoft to stop many exploits, even zero-days. It can be deployed quickly through Microsoft System Center Configuration Manager.
Another technology worth looking at is Spikes Security’s AirGap. The AirGap appliance is an innovative hybrid of proxy and virtualization. Every browser session from every internal user is proxied through a virtual instance in the appliance. Browser-borne malware never gets past the micro-sandbox, which is destroyed when the browser tab is closed.
Branden Spikes, CEO of Spikes Security, worked with Elon Musk for over 15 years first at Zip2, then PayPal, Tesla, and SpaceX, so he is familiar with the need for scale, throughput, and security in the browsing world.
Attackers are actively researching browser vulnerabilities all the time. It is a good assumption that all browser versions are being exploited in some way all the time. This presumption of breach is an important mindset to adopt. Every organization should have technology deployed that answers the question “what if the browser is vulnerable?”