Internet Explorer Zero-Day Exploit Code ‘Widely Available’

Security researchers are warning about an unpatched Internet Explorer flaw as the exploit code is now widely available for hackers to use.

Exploit code has now been submitted to virustotal.com and scumware.org, whilst attacks using the flaw were seen hitting Japanese entities, perpetrated by the same hackers who hit on security firm Bit9 earlier this year.

Microsoft itself warned the flaw had been used in a limited number of targeted attacks, but now crooks across the world have easy routes to carry out malicious campaigns.

Internet Explorer attacks

The vulnerability has likely been present since Internet Explorer 6 was released in 2001, as all versions are said to be affected. Attacks seen so far have targeted IE8 and 9, but it is not known why.

The Japanese campaign has been ongoing since at least 19 August, according to FireEye. The group using the IE exploit is believed to be Chinese and is believed to have strong backing, either from a rich private entity or a government.

“This is about to become as severe as any browser issue can be,” said Rapid7’s Ross Barrett. “There were reports of regionally restricted public exploitation of the issue, but now that the exploit code is in the wild it’s only a matter of time before it appears in commercial malware packs and broader exploitation.

“The vulnerability allows the attacker to gain the privileges of the user. All too often on Windows that means Administrator level privileges.

“The simplest way to avoid this risk is to use a browser other than Internet Explorer.”

For those users and organisations who cannot avoid Internet Explorer, which includes all of the UK government, Microsoft has a “fixit” solution, which can be found here.

Microsoft has not said whether it will issue an out-of-band patch or deliver in its next Patch Tuesday, due in three weeks’ time.

How much do you know about information security? Try our quiz and find out!