Microsoft Confirms Internet Explorer 0-Day

Outsmart Malicious Hackers


So during the past weekend, Microsoft confirmed an Internet Explorer 0-day that is actually being used in targeted online attacks.

Vulnerability in Internet Explorer Could Allow Remote Code Execution

It will be interesting to see if they push an out of band patch for this one or just wait for the next Patch Tuesday.

Internet Explorer 0-Day

It’s pretty serious as it effects the whole family including Internet Explorer 6, Internet Explorer 7, Internet Explorer 8, Internet Explorer 9, Internet Explorer 10, and Internet Explorer 11.

On Saturday, late in the evening, Microsoft issued a public advisory confirming the existence of a new vulnerability in Internet Explorer that’s being used in targeted attacks online.

The vulnerability was disclosed by researchers at FireEye, who observed attacks against Internet Explorer versions 9 though 11. While criminals seem to be focused on the later releases, all versions of Internet Explorer are affected.

Exploits leveraging the use-after-free vulnerability will bypass protections in ASLR and DEP and gain code execution privileges.

In a blog post, FireEye explains:

“Threat actors are actively using this exploit in an ongoing campaign which we have named Operation Clandestine Fox. However, for many reasons, we will not provide campaign details. But we believe this is a significant zero day as the vulnerable versions represent about a quarter of the total browser market. We recommend applying a patch once available.”


The focus does seem to be on IE9 and 11 (which would be the most commonly used versions on newer operating systems (Windows 7 & 8).

EMET will help Microsoft says..

I would expect them to be pushing out a patch for this ASAP as it’s a pretty serious flaw.

In addition, FireEye researchers stated the group responsible for this exploit has had access to “a select number of browser-based 0-day exploits in the past.”

Moreover, the group is proficient at lateral movement, and have been difficult to track as they rarely reuse command and control infrastructure.

Until a patch is released, Microsoft has said that EMET will help mitigate attacks against this flaw.

Further, versions of Internet Explorer running with the default Enhanced Security Configuration are not at risk, provided that the malicious website used to target the vulnerability isn’t listed in the Trusted sites zone.

This is typically the case for Internet Explorer on Windows Server 2003, Windows Server 2008 (and 2008 R2), and Windows Server 2012 (and 2012 R2).

Microsoft hasn’t said if they will release an out-of-cycle patch for this flaw, only that they’ll take the “appropriate action” once the investigation is completed.

The next Patch Tuesday is due almost two weeks from now on Tuesday 13th May 2014, so that’s a fair bit of exposure if this exploit goes public.

We shall have to wait and see what happens, knowing Microsoft – not a lot.

Source: Network World

Posted in: Exploits/Vulnerabilities, Windows Hacking

, , , , , ,


Latest Posts:


OWASP ZSC - Obfuscated Code Generator Tool OWASP ZSC – Obfuscated Code Generator Tool
OWASP ZSC is an open source obfuscated code generator tool in Python which lets you generate customized shellcodes and convert scripts to an obfuscated script.
A Look Back At 2017 – Tools & News Highlights A Look Back At 2017 – Tools & News Highlights
So here we are in 2018, taking a look back at 2017, quite a year it was. Here is a quick rundown of some of the best hacking/security tools released in 2017, the biggest news stories and the 10 most viewed posts on Darknet as a bonus.
Spectre & Meltdown Checker - Vulnerability Mitigation Tool For Linux Spectre & Meltdown Checker – Vulnerability Mitigation Tool For Linux
Spectre & Meltdown Checker is a simple shell script to tell if your Linux installation is vulnerable against the 3 "speculative execution" CVEs that were made public early 2018.
Hijacker - Reaver For Android Wifi Hacker App Hijacker – Reaver For Android Wifi Hacker App
Hijacker is a native GUI which provides Reaver for Android along with Aircrack-ng, Airodump-ng and MDK3 making it a powerful Wifi hacker app.
Sublist3r - Fast Python Subdomain Enumeration Tool Sublist3r – Fast Python Subdomain Enumeration Tool
Sublist3r is a Python-based tool designed to enumerate subdomains of websites using OSINT. It helps penetration testers and bug hunters collect and gather subdomains for the domain they are targeting.
coWPAtty Download - Audit Pre-shared WPA Keys coWPAtty Download – Audit Pre-shared WPA Keys
coWPAtty is a C-based tool for running a brute-force dictionary attack against WPA-PSK and audit pre-shared WPA keys.


Comments are closed.