Categories: SecurityWorkspace

Internet Explorer Zero-Day Exploit Code ‘Widely Available’

Security researchers are warning about an unpatched Internet Explorer flaw as the exploit code is now widely available for hackers to use.

Exploit code has now been submitted to virustotal.com and scumware.org, whilst attacks using the flaw were seen hitting Japanese entities, perpetrated by the same hackers who hit on security firm Bit9 earlier this year.

Microsoft itself warned the flaw had been used in a limited number of targeted attacks, but now crooks across the world have easy routes to carry out malicious campaigns.

Internet Explorer attacks

The vulnerability has likely been present since Internet Explorer 6 was released in 2001, as all versions are said to be affected. Attacks seen so far have targeted IE8 and 9, but it is not known why.

The Japanese campaign has been ongoing since at least 19 August, according to FireEye. The group using the IE exploit is believed to be Chinese and is believed to have strong backing, either from a rich private entity or a government.

“This is about to become as severe as any browser issue can be,” said Rapid7’s Ross Barrett. “There were reports of regionally restricted public exploitation of the issue, but now that the exploit code is in the wild it’s only a matter of time before it appears in commercial malware packs and broader exploitation.

“The vulnerability allows the attacker to gain the privileges of the user. All too often on Windows that means Administrator level privileges.

“The simplest way to avoid this risk is to use a browser other than Internet Explorer.”

For those users and organisations who cannot avoid Internet Explorer, which includes all of the UK government, Microsoft has a “fixit” solution, which can be found here.

Microsoft has not said whether it will issue an out-of-band patch or deliver in its next Patch Tuesday, due in three weeks’ time.

How much do you know about information security? Try our quiz and find out!

Thomas Brewster

Tom Brewster is TechWeek Europe's Security Correspondent. He has also been named BT Information Security Journalist of the Year in 2012 and 2013.

Recent Posts

Australia Rejects Elon Musk Claim About Social Media Ban For Under-16s

Government minister flatly rejects Elon Musk's “unsurprising” allegation that Australian government seeks control of Internet…

2 hours ago

Northvolt Files For Bankruptcy Protection In US

Northvolt files for Chapter 11 bankruptcy protection in the United States, and CEO and co-founder…

4 hours ago

UK’s CMA Readies Cloud Sector “Behavioural” Remedies – Report

Targetting AWS, Microsoft? British competition regulator soon to announce “behavioural” remedies for cloud sector

19 hours ago

Former Policy Boss At X Nick Pickles, Joins Sam Altman Venture

Move to Elon Musk rival. Former senior executive at X joins Sam Altman's venture formerly…

21 hours ago

Bitcoin Rises Above $96,000 Amid Trump Optimism

Bitcoin price rises towards $100,000, amid investor optimism of friendlier US regulatory landscape under Donald…

23 hours ago

FTX Co-Founder Gary Wang Spared Prison

Judge Kaplan praises former FTX CTO Gary Wang for his co-operation against Sam Bankman-Fried during…

24 hours ago