How to protect yourself against the zero-day exploit for Internet Explorer 6 to 11

A new Zero-day vulnerability in the Internet Explorer affects all IE Versions from 6 to 11 and is being exploited in limited and targeted attacks. This vulnerability, identified as CVE-2014-1776 ,could allow remote code execution even if the user doesn’t click on anything. Remote code execution means that attackers could distribute malware via a drive-by installation.
The bad news is there is still no patch at the time writing this article.
The good news is that the attacks seen in the wild so far seem to have relied on hitting IE 9, 10 and 11, using Adobe Flash as a lever. This doesn’t mean that the older versions are not being hit. It can be that the efforts of the cybercriminals are focused on the masses which have IE 9 and newer.


How can you protect yourself

The current exploit can be mitigated by disabling Adobe Flash Player, which is the vehicle used in exploiting the IE flaw. Note that the bug isn’t in Flash, so this is not something Adobe can fix, nor its it Adobe’s fault (as unbelievable as it may seem). Using specially crafted Flash files can help attackers prepare the contents of the memory on your computer in order to make a successful attack possible.

Additionally, you should configure that IE asks you when a page requires Active Scripting. Ideally, you should disable active scripting, but many websites will simply not function if this is activated. You have to change the settings by going in IE’s settings, click on Security, Custom Level and scroll down to the Scripting area.


The probably better option is to deploy the latest version of Microsoft’s Enhanced Mitigation Experience Toolkit (EMET). The utility contains security mitigation technologies that can protect the software running on your computer against attacks, even those that target Windows XP systems.

Just installing the application with default settings will give you some peace of mind.
Once Microsoft fixes the problem, you’ll have to update your Windows.


What about Windows XP?

Well, XP is also vulnerable, and unfortunately, it will remain like this. This means that Microsoft will not push the updates to this operating system, once they are available.

However, by using the mitigation techniques presented above you can still secure IE running on Windows XP as well.

Read more about Windows XP in this article.


Sorin Mustaca

IT Security Expert

from Avira – TechBlog

© Copyright Sorin Mustaca, All rights Reserved. Written For: Sorin Mustaca on Cybersecurity

Check for seeing the consulting services we offer.

Visit for latest security news in English
Besuchen Sie für IT Sicherheits News auf Deutsch

About the Author

Sorin Mustaca
Sorin Mustaca, (ISC)2 CSSLP, CompTIA Security+ and Project+, is working since over 20 years in the IT Security industry and worked between 2003-2014 for Avira as Product Manager for the known products used by over 100 million users world-wide. Today he is CEO and owner of Endpoint Cybersecurity GmbH focusing on Cybersecurity, secure software development and security for IoT and Automotive. He is also running his personal blog Sorin Mustaca on Cybersecurity and is the author of the free eBook Improve your security .
%d bloggers like this: