Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

How Vulnerable Are You To The Latest IE 0-Day?

Tenable customers can use a combination of active scanning, passive scanning and configuration auditing to gauge their level of risk, progress on workaround implementation and track the remediation process once a patch is released.

Internet Explorer Zero Day Vulnerability

Recently an unpatched vulnerability was discovered in Microsoft's Internet Explorer web browser (including versions Internet Explorer 6 through 11). This remote code execution bug takes advantage of how Internet Explorer handles Flash objects to gain control of the system in the context of the running user.

The new vulnerability hits a pain point for Windows XP users, as Microsoft has ended support, and if they stick to that, no patch will be issued for XP. Currently, Microsoft has not issued a patch for the vulnerability, but here are a few workarounds:

  • Perhaps the most obvious is to switch to a different web browser (Such as Chrome or Firefox). However, this is not a viable option for some, as if you are tied to XP you could also likely be tied to Internet Explorer.
  • Microsoft is recommending customers install and configure EMET 4.1 to mitigate this attack until such time a patch can be released. However, some mitigations available in EMET do not work on Windows XP (Reference)
  • Configure Internet Explorer security zones to "High" - This setting will result in blocking of ActiveX controls, which protects the system from being exploited, but also causes many web sites to become unusable
  • Other workarounds suggested are to uninstall Flash from the system and/or de-register select components of Internet Explorer which contain, or could trigger, the vulnerability. Of course, if the systems require Flash, this is not a viable workaround.

How Vulnerable Am I?

Tenable Passive Vulnerability Scanner (PVS) customers can use a host of plugins which provide information about web browsers. The advantage with PVS is this is done passively, and if you are sniffing packets as they go out across the Internet, you can effectively gauge risk. The PVS plugin Microsoft Internet Explorer detection reports on usage and the version of Internet Explorer. PVS also has the upper hand in this scenario as it can detect Internet Explorer in use, even if its running in a VM or an unmanaged system, allowing you to find the gaps in your patch management.

Tenable has several plugins across multiple products that will help you gauge just how vulnerable you are to the vulnerability. For example, you can use the dashboard to show existing web browsers which already have vulnerabilities:

Once a patch has been released by Microsoft, the above dashboard will be extremely helpful in measuring how efficiently the patch is rolling out in your environment.

If you want to know which systems have EMET installed, to estimate the work involved in rolling out a workaround you can use the Nessus plugin titled Microsoft Enhanced Mitigation Experience Toolkit (EMET) Installed.

If you're curious just how many systems have Adobe Flash installed, there is the Nessus plugin titled Flash Player Detection.

Conclusion

Using multiple methods and sources for data collection, Tenable customers can accurately assess the state of the network when new threats are made public. Even though there is not currently a patch available for this vulnerability at the time of this writing, you can begin the remediation process. Whether you implement a workaround or not, having the right information to make the decision is key. Our products can help you gauge the level of effort and level of risk associated with vulnerability remediation and workarounds.

Subscribe to the Tenable Blog

Subscribe
Try for Free Buy Now

Try Tenable.io

FREE FOR 30 DAYS

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Sign up now.

Buy Tenable.io

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

65 assets

$2,275

Buy Now

Try for Free Buy Now

Try Nessus Professional Free

FREE FOR 7 DAYS

Nessus® is the most comprehensive vulnerability scanner on the market today. Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.

Buy Nessus Professional

Nessus® is the most comprehensive vulnerability scanner on the market today. Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.

Buy a multi-year license and save. Add Advanced Support for access to phone, email, community and chat support 24 hours a day, 365 days a year. Full details here.

Try for Free Buy Now

Try Tenable.io Web Application Scanning

FREE FOR 30 DAYS

Enjoy full access to our latest web application scanning offering designed for modern applications as part of the Tenable.io platform. Safely scan your entire online portfolio for vulnerabilities with a high degree of accuracy without heavy manual effort or disruption to critical web applications. Sign up now.

Buy Tenable.io Web Application Scanning

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

5 FQDNs

$3,578

Buy Now

Try for Free Contact Sales

Try Tenable.io Container Security

FREE FOR 30 DAYS

Enjoy full access to the only container security offering integrated into a vulnerability management platform. Monitor container images for vulnerabilities, malware and policy violations. Integrate with continuous integration and continuous deployment (CI/CD) systems to support DevOps practices, strengthen security and support enterprise policy compliance.

Buy Tenable.io Container Security

Tenable.io Container Security seamlessly and securely enables DevOps processes by providing visibility into the security of container images – including vulnerabilities, malware and policy violations – through integration with the build process.

Learn More about Industrial Security

Get a Demo of Tenable.sc

Please fill out the form below with your contact information and a sales representative will contact you shortly to schedule a demo. You may also include a short comment (limited to 255 characters). Please note that fields with asterisks (*) are mandatory.

Try for Free Contact Sales

Try Tenable Lumin

FREE FOR 30 DAYS

Visualize and explore your Cyber Exposure, track risk reduction over time and benchmark against your peers with Tenable Lumin.

Buy Tenable Lumin

Contact a Sales Representative to see how Lumin can help you gain insight across your entire organization and manage cyber risk.