Microsoft blocked IE attacks with smart tactics

TipsMake.com - Last Tuesday, Microsoft has provided users with an 'add-on' application - Shim - capable of blocking attacks aimed at IE when they exploit an error discovered last month. .

Andrew Storms - director of security operations at nCircle Security - said ' Shim for IE is news of the day. We do not expect a patch for IE nor wait for Shim '.

Shim is the term used to describe a compatible solution application. Storms found it consistent with the temporary patch yesterday because Microsoft used the Windows Application Compatibility Toolkit to modify IE so it would help avoid attacks by an error in the way this browser handles a CSS file (Cascading Style Sheets).

According to Storms, this is the first time it has used the Application Compatibility Toolkit to patch a zero-day error.

This tool, which has been part of Windows since Windows XP, was designed to allow older applications, including applications created for outdated versions of the operating system, to run. on the new version of Windows operating system.

Microsoft's solution is to use the Application Compatibility Toolkit to modify the main library of IE - a DLL or Dynamic-Link library named Mshtml.dll, containing translation technology - in memory each time IE runs. This edit will prevent recursive downloads of a CSS, effectively blocking current attacks.

Storms said: ' The fact that Microsoft uses the App Comp is really a surprising way. They have just regenerated it to help prevent zero-day errors. In short, they can use anything in their 'ammunition '.

Other researchers agree with this new strategy.

Wolfgang Kandek, chief technology officer of security firm Qualys, expressed his opinion: ' This is too creative. We like it because it will fix errors faster than a real patch . '

Qualys yesterday also confirmed that after applying this solution, the current errors are no longer executable.

Storms said: ' Another interesting thing is that you won't have to uninstall the shim before installing the patch, even if the message appears .'

Kandek hopes that Microsoft will close IE's vulnerability on February 8 in its monthly patch. However, Storms said that the launch of the shim is a good sign that Microsoft will provide in an emergency, updating the browser ever.

Microsoft first discovered CSS errors in IE on December 22, a few weeks after the French security firm, Vupen, published an important study that said all versions of IE, including IE8 can be hacked.

Since then, Microsoft has acknowledged that it is monitoring active attacks aimed at exploiting this vulnerability. This was reiterated yesterday, once again asserting that it can only "limit attacks aimed at exploiting this vulnerability."

Users can download IE from Microsoft homepage or right here.