Softpedia
 


January 12th, 2011, 12:34 GMT

Microsoft Issues Workaround for Actively Exploited 0-Day IE Vulnerability

Microsoft releases workaround for CVE-2010-3971
Microsoft is investigating reports of a zero-day Internet Explorer vulnerability being exploited in the wild and has released a workaround for customers to protect themselves until a permanent patch is ready.

The vulnerability, identified as CVE-2010-3971, was originally reported on the Full Disclosure mailing list on December 8 as a denial of service condition.

However, vulnerability researchers who later analyzed it discovered that it can also be exploited to execute arbitrary code.

The flaw stems from a use-after-free memory error within the "mshtml.dll" library and affects all versions of Internet Explorer running on all supported Windows variants.

A group called Abysssec Security Research developed a working exploit capable of bypassing the DEP and ASLR protection mechanisms and added it to the Metasploit open source penetration testing framework.

Under these conditions, it was only a matter of time until malware authors began targeting the vulnerability, and postponing a patch increases the chances of more attacks being launched.

Microsoft did, however, release a workaround yesterday, in the form of a "Fix It" tool that companies can deploy throughout their networks.

"This Fixit solution adds a check to check whether a cascading style sheet is about to be loaded recursively. If this is the case, the Fixit solution cancels the loading of the cascading style sheet," the description reads.

Deploying it requires that security update 2416400, released last month and covered in the MS10-090 security bulletin, be installed.

The workaround introduces a small performance degradation of about 150 ms when loading CSS files, and it is strongly recommended that it be uninstalled before applying the security fix, once that fix is ready.

In related news, yesterday, Microsoft released fixes for three vulnerabilities. One is located in the Windows Backup Manager and affects Windows Vista (MS11-001), while the other two are in the Microsoft Data Access Components and affect all supported Windows versions to various degrees (MS11-002).
