Vulnerability in Microsoft Internet Explorer Could allow Remote Code Execution
Date: 21 February 2014
The purpose of this Alert is to bring attention to Microsoft’s workaround solution to address a use-after-free vulnerability in Internet Explorer versions 9 and 10 being used in targeted attacks.
CCIRC is aware of targeted attacks exploiting a use-after-free vulnerability in Internet Explorer versions 9 and 10. Attackers could exploit this vulnerability by creating or compromising a website designed for this purpose, then using social engineering to influence the user to visit the website, usually by clicking on a link in an email or instant message, or opening an attachment. Successful exploitation allows for the execution of arbitrary code.
Although this activity appears to be limited at the time of writing, it is important to note that this type of attack is highly adaptable and can be used to target various critical infrastructure industries.
CVE Reference: CVE-2014-0322
CCIRC recommends that organizations review the following mitigation steps and consider their implementation in the context of their network environment:
- Consider applying the “MSHTML Shim workaround” solution offered by Microsoft.
- Consider upgrading to a newer version of Internet Explorer. Reports indicate that the exploit will only execute if Internet Explorer version 9 or 10 is running. Please note that there are no confirmed reports on whether other versions are vulnerable at the time of writing.
- Consider installing Microsoft's Experience Mitigation Toolkit (EMET). Reports indicate that the exploit will not execute if it detects EMET.
Note to Readers
In support of Public Safety's mission to build a safe and resilient Canada, CCIRC's mandate is to help ensure the security and resilience of the vital non-federal government cyber systems that underpin Canada's national security, public safety and economic prosperity. As Canada's computer security incident response team, CCIRC is Canada's national coordination centre for the prevention and mitigation of, preparedness for, response to, and recovery from cyber incidents on non-federal government systems. It does this by providing authoritative advice and support, and coordinating information sharing and incident response.
Please note, CCIRC PGP key has recently been updated.
For general information, please contact Public Safety Canada's Public Affairs division at:
Telephone: 613-944-4875 or 1-800-830-3118
- Date modified: