It’s nice that Microsoft can keep guys like me busy. Luckily, exploitation of their latest zero-day weakness seems to be limited (so far) to an advanced persistent threat (APT) attack targeting users of a specific national and international security policy website. This particular exploit is being delivered in a traditional “drive-by” attack when users of the English-version of Internet Explorer (specifically IE 7 and 8 on Windows XP, and IE 8 on Windows 7) visit this website. What distinguishes it from past threats is this malware’s ability to write malicious code directly to memory and then execute without writing to disk, a technique that makes detection and remediation much more difficult.
Microsoft intends to release a patch for this vulnerability as early as tomorrow (Nov 12). This is very fast for someone like Microsoft, and may be an indication of how serious this particular vulnerability might be.
What this means for you:
Though the exploit seems to be narrowly targeted at the moment, security researches say it wouldn’t be hard to manipulate the existing attack software to affect all versions of IE from 7 through 10, and any language in which IE is distributed. Assuming you have the leeway to do so, I still recommend using another browser like Chrome or Firefox, which still have a better track record when it comes to catching and patching weaknesses like the above. If you are required to use IE, make sure Windows Update is functional, and that you apply all critical and important updates as they are downloaded to your computer. Larger companies may control how frequently Windows Updates are applied in their enterprise, but don’t be afraid to ask your resident IT representative if they are taking steps to keep Internet Explorer safe for your use.
As predicted, the zero-day flaw in multiple versions of Microsoft’s web browser, Internet Explorer, is now being actively exploited by multiple APT (Advanced Persistent Threat) groups in attacks that are targeting large numbers of people. The most publicized and successful of these attacks have been focused on government websites. Their primary purpose: to install rootkits on government worker machines to facilitate access to confidential government documents. On top of the growing number of attacks leveraging this weakness, the Metasploit framework (an open source hacking tool used by security researchers and white-hat hackers) just released a module to the public that demonstrates how this security flaw can be used to hack IE, theoretically making it even easier for malicious agents to understand and develop their own exploits. Microsoft has yet to say when a patch will be released to fix this weakness, which affects just about every version of IE from 6 through 10.
What this means for you:
If you are using Internet Explorer, whether by corporate mandate or by choice, make sure you’ve applied Microsoft’s temporary fix, or ask your IT guy if they’ve distributed the fix throughout the company. If you work for the government, either as an employee or contractor, be extra wary of strange behavior on your computer, and ensure that your antimalware software is fully functional and up to date.
If you are using some other browser, you don’t have to worry about this particular exploit, but as always, remain ever vigilant and make sure your OS, software and antimalware are fully patched!