Update: Microsoft has announced that the patch for the zero-day exploit found in Internet Explorer is ready and will be released today (Nov 12th) at approximately 10:00 AM PDT.
Post Updated (Jan 2, 2016): FireEye has now removed the blog post from their website.
Less than 3 days ago, we published a post where Microsoft clarified the information about the zero-day exploit found in Microsoft Office versions 2003, 2007 and 2010. Although Microsoft did provide a workaround to prevent the machine from being targeted, an official security patch is yet to be released. And while Microsoft is still busy working on that patch, researchers have uncovered a new zero-day exploit, this time in Internet Explorer.
Two different vulnerabilities were found in Internet Explorer. One of them can affect Windows XP with IE 8 and Windows 7 with IE 9. The second vulnerability is more severe, affecting Internet Explorer versions 7, 8, 9 and 10 running on Windows XP and 7. The researchers at FireEye Labs who discovered these vulnerabilities say that, as per Microsoft’s feedback, the second zero-day exploit can be mitigated by using the Enhanced Mitigation Experience Toolkit. FireEye originally published the post on November 8th, only a day after Microsoft published an update regarding the zero-day exploit found in Office. Yesterday, however, FireEye published more details on the vulnerabilities found in Internet Explorer.
FireEye researchers say that the exploit was hosted on a “strategically important website” based in the U.S.; the website mainly attracts visitors who are interested in information about “national and international security policy”. The blog further explains the attack, saying, “the attackers loaded the payload used in this attack directly into memory without first writing to disk – a technique not typically used by advanced persistent threat (APT) actors. This technique will further complicate network defenders’ ability to triage compromised systems, using traditional forensics methods”, which, according to the researchers, proves that the attackers are highly skilled and are very confident about their resources and skills. FireEye researchers found similarities between the infrastructure used in this attack and that of another recently carried out attack in the campaign they labeled as “Operation DeputyDog”.
Owing to the fashion in which the attack is being carried out, the researchers have come to the conclusion that “this campaign has proven to be exceptionally accomplished and elusive”, pointing out that the attackers are “clearly learning and employing new tactics” and will not stop. The researchers expect that the attackers will “continue to evolve and launch new campaigns for the foreseeable future”.
The Microsoft Security Response Center has yet to publish its own post to provide any update on the matter. It is inevitable that Microsoft stands to lose more Internet Explorer users due to this issue; their numbers have already fallen a lot in recent years. However, if you are still an Internet Explorer user and are using Windows 7, we recommend that you upgrade to Internet Explorer 11, released only last week, which seems to have remained unaffected so far. Others who can't upgrade can always move to one of the other prominent browsers, of course. As for the zero-day exploit affecting Office users, you can check the available workaround for now, which prevents your machine from being targeted. We will update you once we have more information on both of these issues (Office and Internet Explorer).
Source: ArsTechnica, FireEye
Photo Credit – J.M./Flickr