Diskless” Internet Explorer zero-day attack discovered in the wild


Windows security holeSecurity researchers at FireEye have warned of new zero-day vulnerabilities in versions of Internet Explorer that are being actively exploited to infect computers in drive-by attacks.

On Friday, FireEye first reported the discovery of the newly discovered vulnerabilities, that are not yet patched by Microsoft.

According to FireEye, the vulnerabilities are present in various versions of Internet Explorer 7, 8, 9 and 10, running Windows XP or Windows 7.

(Note to readers: the security flaws are different from the current TIFF image zero-day vulnerability which Microsoft is also trying to patch. Those guys in Redmond are certainly being kept busy this month…)

FireEye says that the flaws it has uncovered work in the usual “drive-by download” fashion - requiring internet surfers to simply visit an infected website on a vulnerable computer to have it silently infected.

In a follow-up post, however, FireEye researchers have looked much deeper into the threat, claiming that the malicious payload loads directly into computers’ memory, bypassing the hard drive.

The “diskless” nature of the threat poses extra challenges for companies attempting to determine if any of their computers have been compromised.

On the positive side, of course, rebooting the computers would mean that they were no longer infected. But without knowledge that their systems had been compromised, how are organisations supposed to know that sensitive data might have been stolen?

FireEye says that it has discovered that one website spreading the attack was likely to have strategically significant users visiting its pages.

Specifically, the attackers inserted this zero-day exploit into a strategically important website, known to draw visitors that are likely interested in national and international security policy.

FireEye says it has notified Microsoft’s security team of the vulnerability, and it is to be hoped that a patch is forthcoming sooner rather than later. In the meantime, companies can protect their systems by installing the latest version of Microsoft EMET.

By the way, you’ll note that once again computers running Windows XP is one of the victims of this attack. From April 2014, there will be *no* *more* *security* *updates* coming from Microsoft for Windows XP, which means you’ll be left high and dry if you’re still using the ageing operating system after that date.

Don’t delay - upgrade from Windows XP to something else as soon as possible if you value your security.

Learn more about the attack in FireEye’s blog post, and read more commentary about the threat in this report from Ars Technica.

Update: Microsoft to patch actively-exploited zero-day flaw on Tuesday

Tags: , , ,

Share this article:

   Join thousands of others and sign up to our free "GCHQ" newsletter.

Smashing Security podcast
Check out "Smashing Security", the award-winning weekly audio podcast, with Graham Cluley, Carole Theriault, and special guests from the world of information security.

"It's brilliant!" • "Three people having fun in an industry often focused on bad news" • Winner of the Best Security Podcast 2018

Latest episodes:
Listen on Apple Podcasts Listen on Google Podcasts

, , ,

No comments yet.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.