Microsoft’s IE is said to have a bug that is vital to protection. Three Patches in Windows were sent in to consumers. It mitigated zero-day vulnerability with the application media kit.

Microsoft turned to creative tactics to block IE attacks. They have turned to a defensive measure wherein IE has been a part of Windows OS since the launch of Windows XP. A DLL, or Dynamic Link library, called “Mshtml.dll,” which contains a rendering engine in its memory- each time that IE runs. The modification will prevent recursive loading of the CSS, which stops effectively existing attacks.

This defensive measure helps ward off this attack, which is led on by a known bug in the IE. Andrew Storms, Director of security operations was said to have commented that this was a shim in the works. Shim being a term which signifies application compatibility effectiveness. This turnaround is made possible with the windows patches.

The modified dll prevents the recursive loading of a CSS which effectively stops the attacks existing now. They first acknowledged the bug related to the CSS in IE on 22nd of December, many weeks after the French security company Vupen issued an advisory which said that all versions of the IE, including IE 8, which were quite vulnerable to an attack.

Microsoft repeatedly reported that it was actively following remedial action for the bug and the threats due to the bug. However, it also reported that the attacks were limited and the vulnerability was limited. They reportedly accepted a flaw in Windows XP, Windows Vista, Windows Server 2003 etc. versions and sent in 3 patches for Windows.

Researchers applauded the tactic and said that the move was creative.  That they liked the move because, it gets out the remedy before the patch.

The current in the wild fails to execute when the application compatibility based workaround would be used. This was confirmed by Qualys.

While Kandek expects Microsoft to ship the patch on Tuesday, the others think it will treat it as an emergency and send in a workaround soon. Users can download the shim from the Microsoft site. A link is posted in the security page.

The use of the windows kit reduces the zero-day capacity and makes the turnaround available within no time.

The tool which is part of the Windows OS since the launch of Windows XP, including those which arose on expired versions of the OS to be run on more new OS versions. Many of the investigators have praised the tactics. The comp application is being used in many unexpected ways by Microsoft.

Since then, Microsoft admitted that tracking active attacks was exploiting the bug. It repeated the warning again reporting that it was seeing only limited attacks were exploiting the vulnerability. So the patch was serving well.