Raygen's Basement - Internet Stuff

Operation Aurora – Another Internet Explorer Zero Day

Well, it turns out there is another Internet Explorer zero-day attack out in the wild. The attack, which has been dubbed Operation Aurora, is linked to the recent cyber-attacks on Google and other companies originating in China. In light of all of this, security company McAfee warns that public exploit code is now available and anyone using Internet Explorer could be at risk of what many are calling the most sophisticated and targeted cyber-attack in years.

Microsoft Security Advisory 979352, which addresses the vulnerability, states that IE6, IE7, and IE8 on supported editions of Windows 2000, Windows XP, Windows Vista, and Windows 7 are affected.

It must be noted, however, that the Protected Mode feature of Windows Vista/Windows 7 limits the damage of this exploit to some degree.

So what can a user do to protect themselves until Microsoft releases a patch?

Steps to Mitigate Internet Explorer Zero Day

1. Upgrade from IE6 – If you are still using IE6, I recommend upgrading to IE8 or at the very least IE7. IE6 is an old, buggy dinosaur of a web browser. Furthermore, it does not have the built-in security protections that IE7/IE8 have. If possible, please upgrade.

2. Enable DEP (Data Execution Prevention) – DEP is available on Windows XP SP3, Windows Vista, and Windows 7. It is a protection mechanism to prevent or help reduce the damage of buffer overflow exploits. Ensure DEP is enabled on your system.

3. Enable User Account Control/Protected Mode (Vista/7) – Windows Vista and Windows 7 have User Account Control, and a feature for Internet Explorer called “Protected Mode IE”. UAC must be turned on to use Protected Mode. Protected Mode sandboxes Internet Explorer somewhat, and prevents it from writing to certain areas of your drive and registry. Please ensure you're using Protected Mode on the Vista or Windows 7 platform.

4. Raise the Internet Zone security to “High” – Raising the security of the Internet Zone to the High setting can help protect your computer from this attack. It is much harder to exploit this vulnerability with the Internet Zone set to High, as it disables ActiveX and Active Scripting in the Internet Zone. Only add sites you trust to the Trusted Zone, and keep the Internet Zone set to High. This should greatly insulate you from this flaw.

5. Keep your Security Software Updated – This can also help decrease your risk. Please make sure you keep your security software updated and current. This will allow it to help you fend off such attacks.

6. Run as a Limited User (Mostly XP Users) – Windows XP by default has the user running as Administrator, which is bad in terms of security. Windows XP users should strongly consider creating a Limited User account, doing their day-to-day computing from there, and using their administrator account only to perform maintenance and updates. Windows Vista and Windows 7 employ UAC, so Limited Accounts are not as critical, but they are still worthwhile. On Vista/7, creating a Limited Account makes UAC require a password, much like Linux sudo.

Following the steps above should insulate your computer from this attack until a patch is released to fix this issue.
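
A read-only check of steps 1 to 4 and 6 on the local machine, as an added example that is not part of the original post. It assumes PowerShell 2.0 or later and reads only the per-user Internet Zone settings; the `Check` helper and the report layout are hypothetical.

```powershell
# Added example (not from the original post): read-only audit of steps 1-4 and 6.
# Assumes PowerShell 2.0+; "Check" is a hypothetical helper used only for this report.
function Check($name, $value, $ok) {
    New-Object PSObject -Property @{ Check = $name; Value = $value; OK = $ok }
}

# Step 1: installed Internet Explorer version.
$ieVer   = (Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Internet Explorer' -ErrorAction SilentlyContinue).Version
$ieMajor = [int]("$ieVer".Split('.')[0])

# Step 2: system-wide DEP policy. OptIn covers only system binaries and programs that opt in.
$depNames = @{ 0 = 'AlwaysOff'; 1 = 'AlwaysOn'; 2 = 'OptIn'; 3 = 'OptOut' }
$depCode  = [int](Get-WmiObject Win32_OperatingSystem).DataExecutionPrevention_SupportPolicy

# Step 3: UAC (EnableLUA = 1). Protected Mode is zone action 2500, read in step 4.
# Both values are only meaningful on Windows Vista and Windows 7.
$uac = (Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System' -ErrorAction SilentlyContinue).EnableLUA

# Step 4: Internet Zone (zone 3), per-user settings only. Group Policy overrides are not read.
$zone      = Get-ItemProperty 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3' -ErrorAction SilentlyContinue
$level     = $zone.CurrentLevel   # 0x12000 = High template
$scripting = $zone.'1400'         # Active Scripting: 3 = disable
$activeX   = $zone.'1200'         # Run ActiveX controls and plug-ins: 3 = disable
$protMode  = $zone.'2500'         # Protected Mode: 0 = on, 3 = off

# Step 6: does this session hold an administrator token?
# With UAC on, an unelevated session of an administrator account also reports False.
$id      = [Security.Principal.WindowsIdentity]::GetCurrent()
$isAdmin = (New-Object Security.Principal.WindowsPrincipal($id)).IsInRole(
               [Security.Principal.WindowsBuiltInRole]::Administrator)

$results = @(
    (Check 'Step 1: IE 7 or later'               $ieVer                  ($ieMajor -ge 7)),
    (Check 'Step 2: DEP not AlwaysOff'           $depNames[$depCode]     ($depCode -ne 0)),
    (Check 'Step 3: UAC enabled'                 $uac                    ($uac -eq 1)),
    (Check 'Step 3: Protected Mode on'           $protMode               ($protMode -eq 0)),
    (Check 'Step 4: Internet Zone at High'       ('0x{0:X}' -f $level)   ($level -eq 0x12000)),
    (Check 'Step 4: scripting + ActiveX off'     "$scripting / $activeX" ($scripting -eq 3 -and $activeX -eq 3)),
    (Check 'Step 6: session is not admin'        $isAdmin                (-not $isAdmin))
)
$results | Format-Table Check, Value, OK -AutoSize
```

On Windows XP the two step 3 rows report no value, since UAC and Protected Mode do not exist there.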


Comments (1)

IE Vulnerability, February 11th, 2010 at 12:27 pm

New Internet Explorer Vulnerability that can’t be fixed…

[...]talked about vulnerabilities in Microsoft[...]…
