Security researchers are warning about an unpatched Internet Explorer flaw as the exploit code is now widely available for hackers to use.
Exploit code has now been submitted to virustotal.com and scumware.org, whilst attacks using the flaw were seen hitting Japanese entities, perpetrated by the same hackers who hit on security firm Bit9 earlier this year.
Microsoft itself warned the flaw had been used in a limited number of targeted attacks, but now crooks across the world have easy routes to carry out malicious campaigns.
The vulnerability has likely been present since Internet Explorer 6 was released in 2001, as all versions are said to be affected. Attacks seen so far have targeted IE8 and 9, but it is not known why.
The Japanese campaign has been ongoing since at least 19 August, according to FireEye. The group using the IE exploit is believed to be Chinese and is believed to have strong backing, either from a rich private entity or a government.
“This is about to become as severe as any browser issue can be,” said Rapid7’s Ross Barrett. “There were reports of regionally restricted public exploitation of the issue, but now that the exploit code is in the wild it’s only a matter of time before it appears in commercial malware packs and broader exploitation.
“The vulnerability allows the attacker to gain the privileges of the user. All too often on Windows that means Administrator level privileges.
“The simplest way to avoid this risk is to use a browser other than Internet Explorer.”
For those users and organisations who cannot avoid Internet Explorer, which includes all of the UK government, Microsoft has a “fixit” solution, which can be found here.
Microsoft has not said whether it will issue an out-of-band patch or deliver in its next Patch Tuesday, due in three weeks’ time.
How much do you know about information security? Try our quiz and find out!
Government minister flatly rejects Elon Musk's “unsurprising” allegation that Australian government seeks control of Internet…
Northvolt files for Chapter 11 bankruptcy protection in the United States, and CEO and co-founder…
Targetting AWS, Microsoft? British competition regulator soon to announce “behavioural” remedies for cloud sector
Move to Elon Musk rival. Former senior executive at X joins Sam Altman's venture formerly…
Bitcoin price rises towards $100,000, amid investor optimism of friendlier US regulatory landscape under Donald…
Judge Kaplan praises former FTX CTO Gary Wang for his co-operation against Sam Bankman-Fried during…