Over the weekend, on April 26, Microsoft released an advisory about an Internet Explorer use-after-free zero-day vulnerability, CVE-2014-1776, that is being exploited in the wild. The vulnerability lies within MSHTML.dll and affects Internet Explorer 6 through 11. According to FireEye, the attacks observed in the wild target Internet Explorer 9 through 11. The observed exploit relies on an Adobe Flash SWF component to arrange memory and bypass ASLR and DEP; without Flash enabled in the browser, the in-the-wild exploit chain does not work as delivered. Adobe's APSB14-13 Flash release (13.0.0.206 for Windows/Mac, 11.2.202.356 for Linux), which also fixes the separately exploited Flash vulnerability CVE-2014-0515, is the version the Flash audits below check for.

Microsoft has released an out-of-band patch to address this vulnerability, MS14-021 (KB2965111). Install this patch as soon as possible. Until the patch can be applied, users are encouraged to apply the following workarounds:

• Configure EMET 4.1 or 5.0 to protect Internet Explorer. EMET was observed to mitigate exploitation of this vulnerability.
• Use Enhanced Protected Mode in IE (available in IE 10 and higher). On 64-bit Windows, EPM also runs tab processes as 64-bit, which makes the heap-spray and ASLR-bypass steps of the observed exploit considerably harder.
• Upgrade the Flash browser plugin to 13.0.0.206 for Windows/Mac and 11.2.202.356 for Linux.
• If you are unable to upgrade Flash, disable the Flash browser plugin; for Internet Explorer that means disabling the Shockwave Flash ActiveX control, which removes the component the observed attacks depend on.
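The following PowerShell script is an added example, not code from the original post or from Retina: it performs read-only checks for the patch and each workaround listed above on a single Windows host, so an administrator can confirm a machine's state before relying on a scanner result. The registry locations used for the Flash ActiveX version, the IE ActiveX kill bit, the EPM "Isolation" flag and EMET's per-application settings are assumptions about how those products store their configuration; confirm them on a reference machine before deploying the script fleet-wide.

```powershell
# Added example (not part of the original advisory): read-only exposure checks
# for CVE-2014-1776 / MS14-021 on the local Windows host. Run as an
# administrator so that HKLM and System32 are readable.
# Assumed registry locations (verify on a reference machine):
#   - Flash ActiveX version:  HKLM\SOFTWARE\Macromedia\FlashPlayerActiveX\CurrentVersion
#   - IE ActiveX kill bit:    HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\<CLSID>
#   - EPM for current user:   HKCU\Software\Microsoft\Internet Explorer\Main\Isolation = "PMEM"
#   - EMET app settings:      HKLM\SOFTWARE\Microsoft\EMET\AppSettings

$findings = @()

# 1. Out-of-band fix: MS14-021 ships as KB2965111.
$kb = Get-HotFix -Id KB2965111 -ErrorAction SilentlyContinue
if ($kb) { $findings += "OK    MS14-021 (KB2965111) installed on $($kb.InstalledOn)" }
else     { $findings += "FAIL  MS14-021 (KB2965111) not installed" }

# 2. Report the version of the vulnerable module so the result can be matched
#    against the vendor's fixed-file list for this IE version.
$mshtml = Join-Path $env:SystemRoot 'System32\mshtml.dll'
if (Test-Path $mshtml) {
    $findings += "INFO  mshtml.dll version $((Get-Item $mshtml).VersionInfo.ProductVersion)"
}

# 3. Flash ActiveX (the IE plugin) against the APSB14-13 fixed build.
#    Assumption: the version string is stored comma-separated, e.g. "13,0,0,206".
$minFlash = [version]'13.0.0.206'
$flashKey = 'HKLM:\SOFTWARE\Macromedia\FlashPlayerActiveX'
if (Test-Path $flashKey) {
    $raw = (Get-ItemProperty -Path $flashKey).CurrentVersion
    $cur = [version]($raw -replace ',', '.')
    if ($cur -ge $minFlash) { $findings += "OK    Flash ActiveX $cur (>= $minFlash)" }
    else                    { $findings += "FAIL  Flash ActiveX $cur older than $minFlash (APSB14-13)" }
} else {
    $findings += "OK    Flash ActiveX not installed"
}

# 4. "Disable Flash" workaround for IE: the Shockwave Flash Object CLSID with the
#    kill-bit flag (0x400) set under ActiveX Compatibility.
$flashClsid = '{D27CDB6E-AE6D-11cf-96B8-444553540000}'
$axKey = "HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\$flashClsid"
$flags = (Get-ItemProperty -Path $axKey -ErrorAction SilentlyContinue).'Compatibility Flags'
if ($flags -band 0x400) { $findings += "OK    Flash ActiveX kill bit set (Compatibility Flags 0x400)" }
else                    { $findings += "INFO  Flash ActiveX kill bit not set" }

# 5. Enhanced Protected Mode for the current user (IE 10 and later).
$ieMain = 'HKCU:\Software\Microsoft\Internet Explorer\Main'
$iso = (Get-ItemProperty -Path $ieMain -ErrorAction SilentlyContinue).Isolation
if ($iso -eq 'PMEM') { $findings += "OK    Enhanced Protected Mode enabled for $env:USERNAME" }
else                 { $findings += "INFO  Enhanced Protected Mode not enabled for $env:USERNAME" }

# 6. EMET: is iexplore.exe listed among the protected applications?
#    Assumption: EMET keeps one value per protected executable path under AppSettings.
$emetKey = 'HKLM:\SOFTWARE\Microsoft\EMET\AppSettings'
$emetApps = @()
if (Test-Path $emetKey) {
    $emetApps = (Get-Item $emetKey).GetValueNames() | Where-Object { $_ -match 'iexplore\.exe$' }
}
if ($emetApps.Count -gt 0) { $findings += "OK    EMET configured for: $($emetApps -join ', ')" }
else                       { $findings += "INFO  EMET not configured for iexplore.exe (or EMET not installed)" }

$findings | ForEach-Object { Write-Output $_ }
```

A FAIL on the first check with no OK on the Flash, kill-bit, EPM or EMET lines is the combination that matches the in-the-wild attack scenario; any one of the workaround lines reading OK reduces exposure, but only the patch removes the underlying MSHTML.dll bug. On 64-bit Windows, also inspect the WOW6432Node copies of the Flash and ActiveX Compatibility keys, since the 32-bit IE process reads those.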
Retina has audits available to detect vulnerable Internet Explorer and Flash Player installations:

• 33939 - Microsoft Internet Explorer Use-After-Free (KB2965111) - IE6 XP32
• 33940 - Microsoft Internet Explorer Use-After-Free (KB2965111) - IE6 XP64/2K3/2K364
• 33941 - Microsoft Internet Explorer Use-After-Free (KB2965111) - IE6 XP64/2K364 x64
• 33942 - Microsoft Internet Explorer Use-After-Free (KB2965111) - IE7
• 33943 - Microsoft Internet Explorer Use-After-Free (KB2965111) - IE7 x64
• 33944 - Microsoft Internet Explorer Use-After-Free (KB2965111) - IE8 XP/2003
• 33945 - Microsoft Internet Explorer Use-After-Free (KB2965111) - IE8 XP/2003 x64
• 33946 - Microsoft Internet Explorer Use-After-Free (KB2965111) - IE8
• 33947 - Microsoft Internet Explorer Use-After-Free (KB2965111) - IE8 x64
• 33948 - Microsoft Internet Explorer Use-After-Free (KB2965111) - IE9
• 33949 - Microsoft Internet Explorer Use-After-Free (KB2965111) - IE9 x64
• 33950 - Microsoft Internet Explorer Use-After-Free (KB2965111) - IE10
• 33951 - Microsoft Internet Explorer Use-After-Free (KB2965111) - IE10 x64
• 33952 - Microsoft Internet Explorer Use-After-Free (KB2965111) - IE11
• 33953 - Microsoft Internet Explorer Use-After-Free (KB2965111) - IE11 x64
• 33877 - Adobe APSB14-13: Flash Player - IE for Windows XP/2003/Vista/2008/7
• 33878 - Adobe APSB14-13: Flash Player - IE for Windows 8/2012/8.1/2012 R2
• 33879 - Adobe APSB14-13: Flash Player - Other Browsers for Windows
• 33880 - Adobe APSB14-13: Flash Player - Linux
• 33881 - Adobe APSB14-13: Flash Player - Mac OS X

Revisions

2014-04-29: Original post.
2014-05-01: Added notice of out-of-band patch release, MS14-021.
2014-05-01: Removed zero-day audit 33867.
2014-05-01: Added KB2965111 audits.