Internet Explorer Exposed By New Zero-Day Flaw

Microsoft‘s security team has a fresh headache: Internet Explorer (IE) web browser is being attacked via a previously unknown flaw, and many of the victims are visitors to a major US website  catering for American military veterans.

The new IE zero-day exploit affects Internet Explorer 10, and has been found infecting visitors to a  breached website based in the US, aqccording to  a blog posting  bycyber-security software maker FireEye. The attack was revealed just days after Microsoft issued an unexpected patch which addressed 24 other flaws with the Internet Explorer browser. 

Watering hole attack

“It’s a brand new zero-day that targets IE 10 users visiting the compromised website – a classic drive-by download attack,” said Fireeye. “Upon successful exploitation, this zero-day attack will download a XOR encoded payload from a remote server, decode and execute it.”

FireEye said it was warning the general public and that is collaborating with the Microsoft Security team on research activities. The flaw does not affect the latest version – Internet Explorer 11 – but it does also apparently affect Internet Explorer 9. Microsoft is therefore advising users to upgrade to IE 11 as soon as possible. The Microsoft Enhanced Mitigation Experience Toolkit security tool does offer some protection for those users who have installed it, Microsoft says.

But in the meantime it is reported that hundreds or thousands of machines have been infected.

Fireeye researchers say that hackers have broken “into the website of US Veterans of Foreign Wars (VFW) and inserted a link that redirected visitors to a malicious web page that contained the infectious code in Adobe Systems Inc’s Flash software,” according to Reuters.

The attackers were probably seeking information from the machines of former and current military personnel, FireEye says, pointing out  that the campaign shared some infrastructure and techniques previously attributed to groups in mainland China. The attackers could be working for a foreign government and looking for military intelligence, said FireEye’s Darien Kindlund.

Cyber Espionage?

Microsoft has confirmed it is aware of the targeted attacks, and promised to take action to protect consumers.

The news of a previously unknown flaw in IE being exploited in the wild comes just days after Microsoft released a large Patch Tuesday security update.

That update surprised many industry watchers, as it included an  IE update that addressed no less than 24 vulnerabilities. Observers were surprised because Microsoft had not followed its usual practice of forewarning system administrators about the IE patch in its advance notification process.

And now it seems there was still one more flaw which slipped through the net.

Are you a security expert? Try our quiz!