New Zero-Day exploit found in IE 8, Microsoft working on the patch

By Darshik Jariwala - May, 7th 2013

A new Zero-Day exploit (vulnerability) was uncovered in IE 8 by security experts which allow hackers to gain access in to Windows Operating Systems. Microsoft said they are aware about the issue and are also working on its patch at the moment.

A Zero Day exploit is a kind of attack which exploits an unknown vulnerability in an application. Apart from the attacker or group of attackers, not even the developer of the application knows about the vulnerability in their own application, until the day of attack. Some attacks are carried out the very day the exploit is known publicly. Hence the term Zero day.

Microsoft confirmed that other versions of IE which include 7, 9 and 10 remain unaffected from the issue. The last patch for IE 8 was issued some 3 months ago which patched some security bugs but security experts assure that the latest zero-day vulnerability was not covered as Microsoft at the time was not aware about the such loophole in the software.

KrebsonSecurity stressing on the fact that the issue is more grave than it appears saying, “Complicating matters further, computer code that can be used to reliably exploit the flaw is now publicly available online”. Furthermore, a module which exploits this vulnerability is also available for Metasploit Framework, a Penetration Testing tool freely available which is also used by security experts around the world.

The next security update to be shipped by Microsoft is scheduled for May 14^th, on Tuesday. Meanwhile Microsoft urges its users to upgrade IE to version 9 if they are using Windows Vista; Windows 7 users can upgrade to version 9 or 10. Unfortunately Windows XP users may have to migrate to a different browser such as Chrome or Firefox or Safari. However, they may have to use the older version of those as the newer ones might not support XP too.

The watering hole attack was originally designed to infect the government machines, however, with the computer code now publicly available; it may also be redesigned increasing the scope of target to very large scale. The attack is called watering hole as the code is specifically placed on the websites which are very frequently visited by the targets (specific users or machines) and tricks them or lures them into downloading the malicious software which infects and compromises their systems.

The attack has already been carried out against U.S. Department of Labor and U.S. Department of Energy website users. In this case the software used by hackers to infect was Poison Ivy, which is used to create a backdoor entry. The page tampered with was Site Exposure Matrices (SEM), which contains information about the toxic substances at U.S. Department of Energy facilities, said security vendors AlienVault and Invincea. The targeted users were the employees who worked in the nuclear weapons programs.

Invincea was in fact the first to report about the vulnerability, a security engineer at Invincea reported in the blog post, “we have concluded that the vulnerability targeted during this attack campaign was not CVE-2012-4792 as we originally reported. Instead the exploit on the DoL site appears to be exploiting a zero-day exploit affecting Internet Explorer 8 (IE8) only use-after-free memory vulnerability that when exploited allows an attacker to remotely execute arbitrary code.”

Apart from updating your Anti-Virus and Microsoft security update patches (as soon as Microsoft makes it available), you may also check out the Enhanced Mitigation Experience Toolkit (EMET) provided by Microsoft which further enhances your security and makes it more difficult for hackers to gain access to the machine. EMET requires Windows XP service pack 3 and above, Windows Vista service pack 1 and above, Windows 7 all service packs. Symantec also said that they are working for further protections for the new-found vulnerability and will make them available for their users as soon as the patch is ready.

Photo Credit – Javier Aroche/Flickr