IE exploit added to Angler EK, beats MemProtect mitigation

An older exploit targeting an Internet Explorer use-after-free (UAF) vulnerability has been modified by attackers and, worse yet, added to a popular exploit kit (EK).

Dan Caselden, a senior malware researcher at FireEye, blogged about the development on Friday, revealing that the IE exploit, first demonstrated by k33nteam in October, had caught the attention of exploit authors.

Caselden added that the bug (patched by Microsoft's MS14-056 bulletin) is now exploitable via a modified attack which can beat Memory Protection (MemProtect), a mitigation introduced by Microsoft last July that helps deflect attacks leveraging use-after-free vulnerabilities.

Researchers spotted the IE attack in the wild because the exploit had been added to the Angler EK.

“Thankfully, the exploitation technique does not include a generic bypass for MemProtect,” Caselden wrote, adding that the UAF bug had an MSHTML!CTitleElement that MemProtect “was not designed to mitigate.”
