2 stories
today

New zero day exploit bypasses security protections, affects Internet Explorer 7 to 10

New zero day exploit bypasses security protections, affects Internet Explorer 7 to 10

Internet Explorer may be touted by Microsoft as the most secure browser compared to the competition, but that doesn’t stop the hackers from doing what they do best. According to a new report, a new zer-day exploit has been discovered affecting Internet Explorer 7 to Internet Explorer 10.

Affecting Windows XP and Windows 7, these attacks are able to bypass the security protections that Microsoft has put in place with newer versions of Internet Explorer. The exploit bypasses these measures by exploiting two flaws. One of the flaws allows an attacker to access and control the computer’s memory and the other flaw snags the timestamp from the programs executable header, which in return will be sent back to the attacker’s service to choose the exploit with a ROP chain specific to that version of msvcrt.dll.

It appears that this exploit is part of an advanced persistent threat (APT). These hackers, being clever, inserted this exploit into an important website that deals with national/international security policy.

“Specifically, the attackers inserted this zero-day exploit into a strategically important website, known to draw visitors that are likely interested in national and international security policy.  Furthermore, the attackers loaded the payload used in this attack directly into memory without first writing to disk – a technique not typically used by advanced persistent threat (APT) actors. This technique will further complicate network defenders’ ability to triage compromised systems, using traditional forensics methods,” the report from security firm FireEye stated.

“The exploit targets the English version of Internet Explorer, but we believe the exploit can be easily changed to leverage other languages. Based on our analysis, the vulnerability affects IE 7, 8, 9 and 10,” FireEye adds.

Microsoft has yet to offer a security fix for this zero-day flaw. You can read more in-depth details about this flaw at the source link below.

Further reading: , ,