Late on Saturday evening, Microsoft disclosed a serious vulnerability affecting every version of Internet Explorer from 6 through 11 that is being used in limited, targeted attacks. They stated they were investigating the weakness but had not yet decided what course of action they would take in response, or when.
They are describing the flaw as a "zero-day" and consider it extremely serious. It is believed that the vulnerability may affect nearly 60 percent of the web browsers currently in use worldwide.
All versions of Internet Explorer listed above are considered at risk, on every supported version of Windows other than Server Core. Windows Server versions on which IE runs in the default Enhanced Security Configuration are not considered at risk unless an affected site has been added to the IE Trusted sites zone.
The specific exploit, according to the security research firm FireEye, uses an Adobe Flash file to arrange the heap with a technique called heap feng shui. This implies that systems without Flash installed are probably not vulnerable to this specific exploit, although they remain exposed to the underlying weakness in IE, even though Microsoft has not said so. Internet Explorer 10 and 11 both ship with Flash built in, so they are at risk by default.
Microsoft has yet to say if they will release an out-of-cycle patch for such a flaw, just that they plan to take the appropriate action once the investigation has been fully completed.
This is a remote code execution vulnerability, which in layperson's terms means that an attacker who succeeds can run software of their choosing on the target computer. The vulnerability corrupts computer memory in a way that may allow an attacker to execute arbitrary code in the context of the current user within IE. The phrase "arbitrary code" means essentially any software the attacker wants to run.
FireEye explains in more detail that the Adobe Flash software is misused as a means of gaining control over the layout of the computer's memory, so that malicious code can be placed where the attacker wants it. As for who is behind these actions, FireEye is not going into much detail at present. However, they will say it is an APT group, meaning an "Advanced Persistent Threat" group. FireEye mostly reserves that label for the most serious and technically advanced attackers.
FireEye stated that the APT group behind this abuse has been the first to gain access to a select number of browser-based zero-day exploits. They are very skilled at lateral movement and are extremely hard to track, as they normally do not reuse any command-and-control infrastructure.
FireEye added that the same group is believed to have been linked to a backdoor called Pirpi, which first appeared in 2010. EMET, the Enhanced Mitigation Experience Toolkit, will hopefully also make it much more difficult for the group to exploit the vulnerability.
By Kimberly Ruble