IE Workarounds for New Zero Day Exploit Redmond Issues Advisory for New IE Vulnerability Sean Michael Kerner
A potential zero day issue emerges as Microsoft issues an advisory about Msdds.dll that could cause IE to crash.
Zero day exploits are among the most traumatic events on the IT security landscape because they come without warning and by definition have no fix.
With the specter of such an exploit budding on Friday by a French security firm claiming that it found such an exploit in Microsoft's Internet Explorer, Microsoft quickly issued an advisory with workaround information.
French security firm FrSIRT titled the exploit, "Microsoft Internet Explorer 'Msdds.dll' Remote Code Execution Exploit" and publicly posted Proof of Concept code on its Website in order to backup its claim.
An FrSIRT spokesperson told internetnews.com an anonymous researcher who sent the exploit to FrSIRT first discovered the vulnerability.
FrSIRT did not first alert Microsoft about the vulnerability, which Microsoft does not consider to be responsible disclosure.
"We continue to encourage responsible disclosure of vulnerabilities," Microsoft's advisory on the issue states. "We believe the commonly accepted practice of reporting vulnerabilities directly to a vendor serves everyone's best interests. This practice helps to ensure that customers receive comprehensive, high-quality updates for security vulnerabilities without exposure to malicious attackers while the update is being developed."
FrSIRT's spokesperson explained that the researcher who discovered the issue decided to publicly disclose it. In accordance with FrSIRT's disclosure policy, the firm verified the information and then published the exploit on the FrSIRT website.
Microsoft Security Advisory (906267) said Microsoft is investigating the issue and is currently unaware of any attacks using the exploit.
The advisory explains that the Msdds.dll COM (define) object, when called from a Web page viewed with IE could cause IE "to unexpectedly exit."
"This condition could potentially allow remote code execution if a user visited a malicious Web site," the advisory states. "This COM Object is not marked safe for scripting and is not intended for use in Internet Explorer."
In fact, in the mitigating factors section of Microsoft's advisory, the company said only IE users with the affected COM object (Msdds.dll versions 7.0.6064.9112 and 7.0.9466.0) are vulnerable.
According to a US-CERT advisory on the issue, IE users that have Visual Studio .NET 2002 installed on their systems are the users that are likely at risk. The at-risk version of Msdds.dll does not ship with Microsoft Windows and is not part of Microsoft Office either.
Microsoft has offered a number of workaround in its advisory to further mitigate risk. Those workarounds include:
Set Internet and Local intranet security zone settings to "High" to prompt
before running ActiveX controls in these zones;
Change your Internet Explorer to prompt before running or disable ActiveX
controls in the Internet and Local intranet security zone;
Disable the Microsoft DDS Library Shape Control (Msdds.dll) COM object
from running in Internet Explorer;
Unregister the Msdds.dll COM Object;
Modify the Access Control List on Msdds.dll to be more restrictive
