New zero-day exploit attack sees Internet Explorer in the line of fire. No fix from Microsoft yet

Internet ExplorerWatch out folks.

A new zero-day vulnerability has been found in all versions of Internet Explorer, and is being actively exploited in targeted attacks according to security firm FireEye.

The attack has been dubbed “Clandestine Fox” by FireEye, who say that every single version of Internet Explorer – from version IE 6 to 11 – is blighted by the flaw, which has not yet been patched by Microsoft.

It certainly is worrying news for users of Internet Explorer, which is said to have 26.25% share of the browser market.

Sign up to our free newsletter.
Security news, advice, and tips.

The exploit seen by FireEye has reportedly targeted users of Internet Explorer 9 and higher, although clearly there are concerns that the remote code execution vulnerability could be weaponised in the other vulnerable versions of IE too.

Microsoft has issued a security advisory regarding the flaw, which it calls CVE-2014-1776:

The vulnerability is a remote code execution vulnerability. The vulnerability exists in the way that Internet Explorer accesses an object in memory that has been deleted or has not been properly allocated. The vulnerability may corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user within Internet Explorer. An attacker could host a specially crafted website that is designed to exploit this vulnerability through Internet Explorer and then convince a user to view the website.

In other words, you as a user don’t have to do anything odd to get your Windows computer infected by malware spread via this exploit. All you need to do is visit a website that has been poisoned by the hackers using a version of Internet Explorer.

What you won’t find any mention of in Microsoft’s warning, notably, is Windows XP. That’s not because it’s immune to attack. It’s because, Microsoft released its last ever security patches for Windows XP on April 8 2014.

As such, this is worth saying out loud (or at least in bold): If you are still running Windows XP you will never receive a patch for this zero-day vulnerability.

Don’t say you weren’t warned. Microsoft told the world it would stop releasing XP security updates a full seven years ago.

For now, Microsoft is recommending that Internet Explorer users install its free Enhanced Mitigation Experience Toolkit (EMET) to harden security of Windows systems.

Alternatively, you could consider using an alternative web browser like Chrome, Firefox, Opera, etc… That’s not to say that these Internet Explorer competitors don’t, from time to time, have security issues of their own, of course, but while you’re waiting for a proper fix from Microsoft it might be a course of action worth considering.

Hopefully Microsoft will release a proper fix sooner rather than later. In fact, I wouldn’t be surprised if they pull out all the stops and attempt to issue an out-of-band patch before too much harm is done.

Why has the attack been called “Clandestine Fox”? Well, that’s a question that is best known to FireEye (and possibly related to how almost *every* threat that passes through a security vendor’s marketing department in the run-up to a major security conference needs a sexy media-friendly name).

One thing is for sure, “Clandestine Fox” is a lot more memorable than CVE-2014-1776.

Further reading:


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

One comment on “New zero-day exploit attack sees Internet Explorer in the line of fire. No fix from Microsoft yet”

  1. Mike

    Has anyone resolved 0-day issue yet?

    Send prompt patch alert ASAP!

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.