Home » Today Tech News » New Zero Day Vulnerability on Internet Explorer Identified

New Zero Day Vulnerability on Internet Explorer Identified

Zero Day Vulnerability means the hole in a computer application that is unknown to the developers or software providers, this hole provides the way for the attackers which urges the developer to fix it. FireEye Research Labs had identified the Zero Day Vulnerability which affects Internet Explorer from IE6 to IE11. The major point is that there is no fix for this exploit.

This Zero Day exploit was named as “Operation Clandestine Fox” and for many reasons the campaign details are not provided. The user never needs to open an attachment rather just visiting to the malicious website loaded with IE Exploit code which has the capability to deliver the Malware into your machine.

IE Zero Day Vulnerability

The page loading a malicious flash file(.swf) calls for a JavaScript in IE to trigger the Flaw to bypasses both ASLR and DEP. ASLR is the Address Space Layout Randomization helps to provide protection from buffer overflow attacks and DEP is Data Execution Prevention helps to overcome some malicious exploits that store executable instructions in data area. Since there is no patch to fix it, there are some ways to protect your computer from this Zero Day IE Exploit is as follows

  • Enhanced Mitigation Experience Toolkit (EMET 4.1) from Microsoft prevent the users from this exploit
  • Changing the settings on Internet Explorer‘s Internet Security zone

Tools – > Internet Options -> Security -> Internet -> Custom Settings -> Under Script settings -> Disable Active Scripting

  • Disabling IE extension VGX.dll by the command “%SystemRoot%\System32\regsvr32.exe” -u “%CommonProgramFiles%\Microsoft Shared\VGX\vgx.dll”