JPCERT-AT-2014-0018 JPCERT/CC 2014-04-28 (First Edition) 2014-05-02 (Updated) <<< JPCERT/CC Alert 2014-04-28 >>> Vulnerability in Microsoft Internet Explorer in April 2014 https://www.jpcert.or.jp/english/at/2014/at140018.html I. Overview Microsoft Internet Explorer contains multiple vulnerabilities. As a result, a remote attacker could execute arbitrary code by convincing a user to open specially crafted contents. Microsoft Security Advisory 2963983 Vulnerability in Internet Explorer Could Allow Remote Code Execution https://technet.microsoft.com/en-US/library/security/2963983 According to Microsoft, targeted attacks leveraging this vulnerability have been observed in the wild. *** Update: Added on May 2, 2014 ************************************* As of May 2, 2014, security update is released from Microsoft, and therefore we recommend applying this update. Microsoft Security Update for Internet Explorer (2965111) https://technet.microsoft.com/en-us/library/security/ms14-021 JPCERT/CC has released an alert regarding this security update. JPCERT/CC Alert regarding the Microsoft Security Bulletin (MS14-021) https://www.jpcert.or.jp/english/at/2014/at140020.html ********************************************************************** II. Affected Systems The affected versions are as follows: - Microsoft Internet Explorer 6 - Microsoft Internet Explorer 7 - Microsoft Internet Explorer 8 - Microsoft Internet Explorer 9 - Microsoft Internet Explorer 10 - Microsoft Internet Explorer 11 *** Update: Revised on May 2, 2014 *********************************** For more information, refer to Microsoft Security Bulletin (MS14-021). ********************************************************************** III. Solution *** Update: Revised on May 2, 2014 *********************************** As of May 2, 2014, security update is released from Microsoft. Please apply the security update through Microsoft Update, Windows Update, etc. as soon as possible. Microsoft Update https://www.update.microsoft.com/ Windows Update http://windowsupdate.microsoft.com/ ********************************************************************** IV. Workarounds *** Update: Added on May 2, 2014 ************************************* Workarounds will be unnecessary by installing the security update. If you applied the workaround, then you may need to undo the workaround before or after applying the security update. - If you applied the workaround to modify the Access Control List(ACL) on VGX.DLL, then you must undo this workaround before applying the security update. - If you applied the workaround to unregister VGX.DLL, you do not have to undo this workaround before applying the security update. However, the security update will not re-register vgx.dll, therefore please re-register vgx.dll. - If you applied any of the other workarounds, you do not have to undo the workaround before applying the security update. ********************************************************************** Several workarounds have been released from Microsoft. Until the security update programs is available, please consider applying the following workarounds. Please test the effects on the system before applying the workarounds. - Deploy the Enhanced Mitigation Experience Toolkit 4.1 Enhanced Mitigation Experience Toolkit https://support.microsoft.com/kb/2458544 * Note that EMET 3.0 does not mitigate this issue. - Set Internet and Local intranet security zone settings to "High" to block ActiveX Controls and Active Scripting in these zones - Configure Internet Explorer to prompt before running Active Scripting or to disable Active Scripting in the Internet and Local intranet security zone Workarounds on unregistering a .DLL file and enabling enhanced protected mode for Internet Explorer 11 is introduced on security advisory provided by Microsoft. For more information on workarounds, refer to Microsoft Security Advisory (2963983). V. References *** Update: Added and Revised on May 2, 2014 ************************* Microsoft Security Update for Internet Explorer (2965111) https://technet.microsoft.com/en-us/library/security/ms14-021 Microsoft Microsoft releases out-of-band update MS14-021 (Internet Explorer) to address vulnerability stated in security advisory (2963983) (Japanese) http://blogs.technet.com/b/jpsecurity/archive/2014/05/02/security-update-ms14-021-released-to-address-recent-internet-explorer-vulnerability-2963983.aspx Information-technology Promotion Agency (IPA) Measures to address vulnerability in Internet Explorer (CVE-2014-1776) (Japanese) https://www.ipa.go.jp/security/ciadr/vul/20140428-ms.html Alert regarding the Microsoft Security Bulletin (MS14-021) https://www.jpcert.or.jp/english/at/2014/at140020.html Vulnerability Note VU#222929 Microsoft Internet Explorer CMarkup use-after-free vulnerability https://www.kb.cert.org/vuls/id/222929 JVNVU#92280347 Microsoft Internet Explorer use-after-free vulnerability (Japanese) https://www.kb.cert.org/vuls/id/222929 ********************************************************************** Microsoft Security Advisory 2963983 Vulnerability in Internet Explorer Could Allow Remote Code Execution https://technet.microsoft.com/en-US/library/security/2963983 Microsoft Microsoft releases Security Advisory 2963983 http://blogs.technet.com/b/msrc/archive/2014/04/26/microsoft-releases-security-advisory.aspx Microsoft More Details about Security Advisory 2963983 IE 0day http://blogs.technet.com/b/srd/archive/2014/04/26/more-details-about-security-advisory-2963983-ie-0day.aspx If you have any information regarding this alert, please contact JPCERT/CC. ________ Revision History 2014-04-28 First edition 2014-05-02 Updated "I. Overview", "II. Affected Products", "III. Solution", "IV. Workarounds" and "V. References" ====================================================================== JPCERT Coordination Center (JPCERT/CC) MAIL: info@jpcert.or.jp TEL: +81-3-3518-4600 FAX: +81-3-3518-4602 https://www.jpcert.or.jp/english/