Microsoft Internet Explorer 0-Day (CVE-2014-1776)

A zero-day vulnerability in Microsoft Internet Explorer, CVE-2014-1776, was recently discovered when it was used as part of a targeted attack. Despite being an exploit for Internet Explorer, the attack used a Flash file to deliver the malicious code and execute it in the browser.

Samples from the attack recently became available, allowing us to confirm and reassure our customers that Trustwave Secure Web Gateway was able to protect them against this attack provided that it was up-to-date at the time of the attack. The attack is blocked by the policy rule "Block Malicious Content (Malware Entrapment Engine)." Please ensure that you enable this rule in your policy. We also highly recommend installing "Security Update 167" which includes additional protection developed specifically for this vulnerability.

IDS/IPS signatures were also released for this vulnerability last week.

Trustwave reserves the right to review all comments in the discussion below. Please note that for security and other reasons, we may not approve comments containing links.