Microsoft is warning users of Internet Explorer of active attacks exploiting a previously unknown security flaw in all versions of IE. By browsing to a hacked or malicious site, the vulnerability can silently install malicious software without any input or actions from the user.
Microsoft is aware of 'limited, targeted attacks' that have used the exploit in the wild.
TamGroup recommends limiting the use of IE only to web sites that require it in order to run. Use Chrome or Firefox for all internet browsing.
IE 10 and IE 11 can be protected against attacks using this exploit if they have their Enhanced Protected Mode turned on, however turning on EPM will break the functionality of most web sites. Another option is disabling the Adobe Flash plugin in IE. This is known to prevent the exploit that’s in the wild but will break all web sites that use flash.
Another option is to De-Register VGX.dll (VML parser) file, which is responsible for rendering of VML (Vector Markup Language) code in web pages to prevent exploitation. Run the following command:
regsvr32 -u "%CommonProgramFiles%\Microsoft Shared\VGX\vgx.dll"
Microsoft has not yet provided a patch, but will almost certainly issue one for users running Windows Vista/7/8. The next regularly-scheduled “Patch Tuesday” is May 13.
This is likely the first of many security holes Microsoft will never fix for Windows XP now that Microsoft no longer supports that Operating System.
Using a service like OpenDNS can help prevent users from accidently browsing to malicious sites. This service can be implemented at the edge of the network for all users and would not affect any user’s ability to view business related web sites.
If you would like assistance with this issue please contact TamGroup sales at (415) 455-5770 and dial 1 or email: support (at) tamgroup.com.