Friday, May 2, 2014

IE FireEye Zero Day Exploit Fix - Adobe Flash Issue Again


Once again, Microsoft is getting the blame for a exploit caused by another company, that being Adobe.

Adobe is well know for very poor coding practices and data governance, it's products are littered with bugs. Adobe Flash has a particular bad security vulnerability history, 316 exploits at last count. Adobe Flash is used by 14.2% of all the websites and declining.

Embedded below is a partial list of Adobe Flash exploits, see website
here for full details of each exploit with a score and are not limited to Windows platform, Mac OS is affected as well.

FireEye the firm that found the bug, (in its own advisory) says the exploit currently is targeting IE9 through IE11 (although the weakness also is present in all earlier versions of IE going back to IE6), and that it leverages a well-known Adobe Flash exploitation technique to bypass security protections on Windows Microsoft’s security advisory credits security firm FireEye with discovering the attack.
ie0daymitigation
According to information shared by FireEye, the exploit also can be blocked by running Internet Explorer in “Enhanced Protected Mode” configuration and 64-bit process mode, which is available for IE10 and IE11 in the Internet Options settings as shown in the embedded image to the left. 

For, non-expert IE users to download and install its Enhanced Mitigation Experience Toolkit (EMET), a free tool that can help beef up security on Windows. Only, the latest versions which fixes this is are available here.

No comments:

Post a Comment