Blogs & Stories

SpiderLabs Blog

Attracting more than a half-million annual readers, this is the security community's go-to destination for technical breakdowns of the latest threats, critical vulnerability disclosures and cutting-edge research.

Microsoft Internet Explorer 0-Day (CVE-2014-1776)

A zero-day vulnerability in Microsoft Internet Explorer, CVE-2014-1776, was recently discovered when it was used as part of a targeted attack. Despite being an exploit for Internet Explorer, the attack used a Flash file to deliver the malicious code and execute it in the browser.

Samples from the attack recently became available, allowing us to confirm and reassure our customers that Trustwave Secure Web Gateway was able to protect them against this attack provided that it was up-to-date at the time of the attack. The attack is blocked by the policy rule "Block Malicious Content (Malware Entrapment Engine)." Please ensure that you enable this rule in your policy. We also highly recommend installing "Security Update 167" which includes additional protection developed specifically for this vulnerability.

IDS/IPS signatures were also released for this vulnerability last week.