Rajib Singha
Critical Security Alert for Internet Explorer Users by Microsoft
September 19, 2013

The Redmond giant has issued a critical security advisory for Internet Explorer users. According to reports, a security vulnerability affecting all supported versions of IE is on the loose.

What is the Vulnerability?
In its official security advisory, Microsoft has reported the vulnerability to be a remote code execution (RCE) vulnerability. This security flaw has been labelled “CVE-2013-3893”. Since no patch is available for this vulnerability at the moment, it is a zero-day security flaw.

Note: A zero-day security flaw is one that gets exploited by hackers before any security patches are released to fix it.

What are the affected Versions of IE?
Internet Explorer 6, 7, 8, 9, 10 and 11 are the affected versions.

According to the company, incidents of malware exploiting the vulnerability in IE 8 and IE 9 have already been reported. Users must understand that this does not imply that the other IE versions are any safer.

Is there any Fix?
Although Microsoft has not released any security patch, it has released a temporary Fix it solution called “CVE-2013-3893 MSHTML Shim Workaround”. As the name suggests, this solution is only a workaround (temporary patch), and is not a cure for the underlying problem. Until an official security patch is released, this workaround will help prevent attackers from exploiting the vulnerability in the affected versions of IE.

Follow this link to apply the Fix it patch.

Note:
The Fix it patch only applies to 32-bit versions of IE. Those using 64-bit IE will have to wait until Microsoft releases an appropriate software update. In the meantime, they are advised to use browsers other than IE.

Users of 64-bit IE can also install Microsoft’s Enhanced Mitigation Experience Toolkit. This toolkit can be used to tweak Windows security technologies and reduce the risk of attacks. However, PC novices may find it difficult to work with this toolkit. Even tech-savvy users are advised to follow the User’s Guide before putting this toolkit into use.

Thus, most experts have recommended that users surf the Internet with an alternative browser until a permanent patch for the vulnerability comes in.

How does an Attacker use the Vulnerability?
As mentioned, this vulnerability can allow an attacker to gain remote access to the victim’s computer. How damaging this remote code execution can be depends on the user rights the user is logged on with. For instance, if the victim is logged on as an administrator, then the attacker can gain the same user rights and get complete control of the system.

How is the IE Vulnerability Exploited?
The IE vulnerability can be exploited only with the help of malicious websites designed by the attacker. For this to work, the attacker must trick or convince the victim to visit the site. The attacker may send the victim an email containing a link to the website, or an email attachment that redirects the user to the website. In some cases, websites that allow users to add content are also used by hackers to exploit the vulnerability.

Note: Microsoft has announced that its server platforms are not susceptible to this vulnerability. By default, Internet Explorer on Windows Server platforms runs in a restricted mode. This mode prevents a normal user, and even an administrator, from downloading malicious websites that are capable of exploiting the vulnerability.

Recommended Measures
We recommend that users consider taking the following measures to cut the risk of the CVE-2013-3893 vulnerability:

  1. Use other browsers such as Firefox, Chrome, Safari, etc.
  2. Do not use administrator rights for everyday tasks like browsing.
  3. Use the Quick Heal Safe Browsing feature for surfing the Internet.
  4. Keep an eye out for any security updates by Microsoft to fix this vulnerability.

For a more detailed report on the IE vulnerability, you can read this official security advisory, released by Microsoft. We will keep our readers updated about any further developments on this matter. Let’s hope Microsoft does not take too long before releasing a complete fix.

Have something to add to this story? Share it in the comments.


31 Comments

  1. I have Quick Heal Total Security installed, but I am unable to open the Quick Heal Secure Browser; whenever I try to open the QH secure browser, the message comes – Unable to open QH browser as it only supports IE, Chrome or Mozilla. My default browser is IE 8.

  2. It’s nice

  3. The Microsoft Fix it patch is only for Internet Explorer 32-bit versions. What about 64-bit versions?

  4. It’s nice

  5. Virus protection does not work properly.

  6. It is quite informative and important

  7. prakash.n.gohil, September 20, 2013 at 9:19 PM

    It’s super service

  8. I have re-installed my computer after it crashed; that is the reason why I have installed QIS Total Security again.

  9. It is quite informative and important. I am using this Quick Heal Total Security, and it scans viruses very quickly.

  10. Very good

  11. shubhangi kirte, September 21, 2013 at 1:00 PM

    It’s a nice protector….

  12. Thanks, Quick Heal

  13. Sir, your Quick Heal is awesome..?

  14. Sir, Quick Heal is best……….?

  15. shashwat kapoor, September 22, 2013 at 12:31 AM

    v.good

  16. ringamlung pamei, September 22, 2013 at 2:25 AM

    Sometimes my laptop hangs for 30 sec or more. I don’t know what is really wrong with this one. Help me out please.

  17. Hi!
    Himanshu,
    Thanks for updating with the recent article. Hence, I’d rather choose to use other browsers than IE, and that too with QH safety browsing.

  18. S. N. Sukhwal, September 22, 2013 at 5:18 PM

    I am not a computer expert. I just know how to use it for opening as well as sending mail, and sometimes to search for some information. My laptop computer was purchased by my children, who are busy with their activities. I do not know how Quick Heal can oblige us.

    • Hello Mr/Ms Sukhwal,

      For emailing and searching information, you use the Internet on your laptop. And as useful as the Internet is, it is the main tool for hackers to target their victims. Quick Heal not only promises to protect your machine, but also helps improve its performance and health. You can drop by our website anytime if you wish to know what Quick Heal Security Solutions have to offer.

      Regards,
      Rajib

  19. Heera Lal Patwl, September 23, 2013 at 7:13 AM

    Hi,
    Rajib Singha
    Quick Heal Internet Security
    gives me the BEST result

  20. ujjwal chandra, September 23, 2013 at 11:03 AM

    Hi, I am using Quick Heal security, but it is the trial version. Does it work like Quick Heal Mobile Total Security?

    • Hello Ujjwal,

      Quick Heal Mobile Security (QHMS) protects Android and BlackBerry devices from unseen threats. It also offers call and SMS blocking functionality. Its Anti-Theft feature helps you track, lock and even wipe your device in case it is lost or stolen.

      Quick Heal Total Security offers all-round protection for Android devices. Apart from having all the basic features of QHMS, it includes Parental Control, cloud backup, and even network monitoring. For more information on both these products, follow:

      http://www.quickheal.com/in/en/qhmbs
      http://www.quickheal.com/in/en/qhmtsa

      Regards,

  21. Hi Rajib, thanks for the alert.
    I just want to know: if any device was previously exposed to such kind of things, how can we detect…
    Rajib, your alerts and explanations are really helpful.. Thanks

  22. I think it’s a fantastic antivirus. It protects my full phone from viruses. It gives timely reports to me with results. I think it is the best I ever had.

  23. I have recently installed Quick Heal Antivirus Pro 2013. It says it’s outdated and I must upgrade, but if I do, it does not update.

  24. Sir, I have a virus on my SD card…. but sir, my antivirus is not catching this virus. Please sir, help me……..