A new zero-day vulnerability has been found in all versions of Internet Explorer, and is being actively exploited in targeted attacks according to security firm FireEye.
The attack has been dubbed “Clandestine Fox” by FireEye, who say that every single version of Internet Explorer – from version IE 6 to 11 – is blighted by the flaw, which has not yet been patched by Microsoft.
It certainly is worrying news for users of Internet Explorer, which is said to have 26.25% share of the browser market.
The exploit seen by FireEye has reportedly targeted users of Internet Explorer 9 and higher, although clearly there are concerns that the remote code execution vulnerability could be weaponised in the other vulnerable versions of IE too.
Microsoft has issued a security advisory regarding the flaw, which it calls CVE-2014-1776:
The vulnerability is a remote code execution vulnerability. The vulnerability exists in the way that Internet Explorer accesses an object in memory that has been deleted or has not been properly allocated. The vulnerability may corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user within Internet Explorer. An attacker could host a specially crafted website that is designed to exploit this vulnerability through Internet Explorer and then convince a user to view the website.
In other words, you as a user don’t have to do anything odd to get your Windows computer infected by malware spread via this exploit. All you need to do is visit a website that has been poisoned by the hackers using a version of Internet Explorer.
What you won’t find any mention of in Microsoft’s warning, notably, is Windows XP. That’s not because it’s immune to attack. It’s because, Microsoft released its last ever security patches for Windows XP on April 8 2014.
As such, this is worth saying out loud (or at least in bold): If you are still running Windows XP you will never receive a patch for this zero-day vulnerability.
Don’t say you weren’t warned. Microsoft told the world it would stop releasing XP security updates a full seven years ago.
For now, Microsoft is recommending that Internet Explorer users install its free Enhanced Mitigation Experience Toolkit (EMET) to harden security of Windows systems.
Alternatively, you could consider using an alternative web browser like Chrome, Firefox, Opera, etc… That’s not to say that these Internet Explorer competitors don’t, from time to time, have security issues of their own, of course, but while you’re waiting for a proper fix from Microsoft it might be a course of action worth considering.
Hopefully Microsoft will release a proper fix sooner rather than later. In fact, I wouldn’t be surprised if they pull out all the stops and attempt to issue an out-of-band patch before too much harm is done.
Why has the attack been called “Clandestine Fox”? Well, that’s a question that is best known to FireEye (and possibly related to how almost *every* threat that passes through a security vendor’s marketing department in the run-up to a major security conference needs a sexy media-friendly name).
One thing is for sure, “Clandestine Fox” is a lot more memorable than CVE-2014-1776.
- New Zero-Day Exploit targeting Internet Explorer Versions 9 through 11 Identified in Targeted Attacks – FireEye.
- Microsoft Security Advisory 2963983 – Vulnerability in Internet Explorer Could Allow Remote Code Execution
Found this article interesting? Follow Graham Cluley on Twitter to read more of the exclusive content we post.