The vulnerability, known as “CVE-2013-3918,” was first spotted by security researchers at FireEye last Friday, and has been used to infect computers that access a compromised website (FireEye isn’t saying which one) by installing a trojan. According to a post to the Microsoft Security Response Center blog, Microsoft knew about the vulnerability before FireEye published its post, and had already planned to include a fix in tomorrow’s patch.
In a nutshell, an attacker who has compromised a website can insert code that exploits the vulnerability to install a trojan on a visitor’s computer. The trick is that the trojan in question is only installed in memory and doesn’t leave any of the usual traces that antivirus software looks for on a hard drive, so it’s hard to tell if you’ve been infected. That in turn makes the infection hard to kill, since you might not know you have it. For the nitty-gritty technical details, check out FireEye’s detailed look at the malware payload being used.
At particular risk are users of Windows XP running IE 7 and Windows 7 running IE 8, though the vulnerability appears to affect IE 7, 8, 9 and 10, according to FireEye’s report.
Until you’re able to install the patch, here are Microsoft’s tips for protecting yourself:
- Set Internet and local intranet security zone settings to “High” to block ActiveX Controls and Active Scripting in these zones.
  This action will help prevent exploitation but may affect usability; therefore, trusted sites should be added to the Internet Explorer Trusted Sites zone to minimize disruption.
- Configure Internet Explorer to prompt before running Active Scripting or disable Active Scripting in the Internet and local intranet security zones.
  This action will help prevent exploitation but can affect usability, so trusted sites should be added to the Internet Explorer Trusted Sites zone to minimize disruption.
- Deploy the Enhanced Mitigation Experience Toolkit (EMET).
  This will help prevent exploitation by providing mitigations to help protect against this issue and should not affect usability of websites.
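
To check whether the Active Scripting and ActiveX workarounds above are actually in place on a machine, the following PowerShell audits the relevant per-user zone settings and can optionally apply them. It is an added example, not code from Microsoft or FireEye. It assumes the standard Internet Explorer zone registry layout (zone 1 = Local intranet, zone 3 = Internet; action 1400 = Active Scripting, 1200 = Run ActiveX controls and plug-ins; 0 = enable, 1 = prompt, 3 = disable), none of which is spelled out in the article.

```powershell
# Added example: audits the two zone actions named in the workarounds and,
# with -Remediate, sets them for the current user.
# Assumption: settings are read from HKCU only. Group Policy values under
# \Software\Policies\... take precedence and are not examined here.
param(
    [switch]$Remediate,                           # write values instead of only reporting
    [ValidateSet(1, 3)][int]$ScriptingValue = 1   # 1 = prompt, 3 = disable
)

$base  = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones'
$zones = [ordered]@{ '1' = 'Local intranet'; '3' = 'Internet' }

# Action ID -> display name, values counted as hardened, value written by -Remediate
$actions = [ordered]@{
    '1400' = @{ Name = 'Active Scripting'; Hardened = @(1, 3); Target = $ScriptingValue }
    '1200' = @{ Name = 'Run ActiveX controls and plug-ins'; Hardened = @(3); Target = 3 }
}
$meaning = @{ 0 = 'Enabled'; 1 = 'Prompt'; 3 = 'Disabled' }

foreach ($zoneId in $zones.Keys) {
    $path = "$base\$zoneId"

    if ($Remediate) {
        if (-not (Test-Path $path)) { New-Item -Path $path -Force | Out-Null }
        foreach ($id in $actions.Keys) {
            Set-ItemProperty -Path $path -Name $id -Value $actions[$id].Target -Type DWord
        }
    }

    # A missing key or value means the zone's built-in default applies: report it as NotSet.
    $props = Get-ItemProperty -Path $path -ErrorAction SilentlyContinue
    foreach ($id in $actions.Keys) {
        $value = if ($props) { $props.$id } else { $null }
        $state = 'NotSet'
        if ($null -ne $value) { $state = $meaning[[int]$value] }

        [pscustomobject]@{
            Zone     = $zones[$zoneId]
            Action   = $actions[$id].Name
            Value    = $value
            State    = $state
            Hardened = ($null -ne $value) -and ($actions[$id].Hardened -contains $value)
        }
    }
}
```

Setting a zone to “High” in the Internet Options dialog changes many more actions than these two, so this script covers only the controls the workarounds name explicitly.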