It’s nice that Microsoft can keep guys like me busy. Luckily, exploitation of their latest zero-day weakness seems to be limited (so far) to an advanced persistent threat (APT) attack targeting users of a specific national and international security policy website. This particular exploit is being delivered in a traditional “drive-by” attack when users of the English-version of Internet Explorer (specifically IE 7 and 8 on Windows XP, and IE 8 on Windows 7) visit this website. What distinguishes it from past threats is this malware’s ability to write malicious code directly to memory and then execute without writing to disk, a technique that makes detection and remediation much more difficult.
Microsoft intends to release a patch for this vulnerability as early as tomorrow (Nov 12). This is very fast for someone like Microsoft, and may be an indication of how serious this particular vulnerability might be.
What this means for you:
Though the exploit seems to be narrowly targeted at the moment, security researches say it wouldn’t be hard to manipulate the existing attack software to affect all versions of IE from 7 through 10, and any language in which IE is distributed. Assuming you have the leeway to do so, I still recommend using another browser like Chrome or Firefox, which still have a better track record when it comes to catching and patching weaknesses like the above. If you are required to use IE, make sure Windows Update is functional, and that you apply all critical and important updates as they are downloaded to your computer. Larger companies may control how frequently Windows Updates are applied in their enterprise, but don’t be afraid to ask your resident IT representative if they are taking steps to keep Internet Explorer safe for your use.