Monday, March 15, 2010

Microsoft Issues Fix-It Workaround for IE Zero-Day

Via -

Microsoft has released a one-click "fix-it" workaround to help Internet Explorer users block malware attacks against an unpatched browser vulnerability.

The Fix-It workaround, available here, effectively disables peer factory in the iepeers.dll binary in affected versions of Internet Explorer.

The workaround comes on the heels of the public release of exploit code into the freely available Metasploit pen-testing framework.

Microsoft acknowledged the availability of exploit code for the issue and again urged users to upgrade to Internet Explorer 8, which is not vulnerable to this issue.

The company urged IE users to test the Fix-It workaround thoroughly before deploying as certain functionality that depends on the peer factory class, such as printing from Internet Explorer and the use of web folders, may be affected.

Microsoft also confirmed it is considering an out-of-band emergency patch to correct the underlying flaw.


Last week, I disabled the peer factory class by editing the registry keys for iepeers.dll, as suggested int the workaround section of Microsoft Security Advisory (981374)...and have seen very little problems. I made a backup registry file of the key, so the change could be easily reversed when a proper patch is released.

According to the information above, it sounds like this Microsoft "Fix-It" workaround is using the same technique.

No comments:

Post a Comment