Zero Day Flaw Revealed – CVE-2014-1776

A new zero-day vulnerability, which affects all versions of Internet Explorer (IE) 6,7,8,9,10 and 11 has been announced by Microsoft and is being tracked as CVE-2014-1776.

As 26% of all computers use IE for web browsing, this is very much a serious issue. The vulnerability exists in the way that IE accesses an object in memory which has been deleted or has not been properly allocated.

A hacker could host a website designed to exploit this vulnerability, to lure users using IE. Once the user has accessed the website, the hacker is able to gain the same user rights as the current user, giving him complete control of the victim’s computer and the ability to remotely execute code, install malware; view, change or delete data.

Network Box Security Response, in partnership with Microsoft’s Active Protection Program (MAPP), was quick to react and PUSHed out NBIDPS (IDS & IPS) signatures, in real-time, to all Network Box systems running NBIDPS. Already released, these signatures detect exploits of CVE-2014-1776 and provide protection at the gateway, thus ensuring that all customers using the NBIDPS system will be safeguarded against known exploit vectors.

In addition, we are continuing to work with our anti-virus labs to provide HTTP anti-virus protection signatures or known exploits wherever possible.