“Diskless” Internet Explorer zero-day attack discovered in the wild

Graham Cluley
Graham Cluley
@[email protected]

Windows security holeSecurity researchers at FireEye have warned of new zero-day vulnerabilities in versions of Internet Explorer that are being actively exploited to infect computers in drive-by attacks.

On Friday, FireEye first reported the discovery of the newly discovered vulnerabilities, that are not yet patched by Microsoft.

According to FireEye, the vulnerabilities are present in various versions of Internet Explorer 7, 8, 9 and 10, running Windows XP or Windows 7.

(Note to readers: the security flaws are different from the current TIFF image zero-day vulnerability which Microsoft is also trying to patch. Those guys in Redmond are certainly being kept busy this month…)

Sign up to our free newsletter.
Security news, advice, and tips.

FireEye says that the flaws it has uncovered work in the usual “drive-by download” fashion – requiring internet surfers to simply visit an infected website on a vulnerable computer to have it silently infected.

In a follow-up post, however, FireEye researchers have looked much deeper into the threat, claiming that the malicious payload loads directly into computers’ memory, bypassing the hard drive.

The “diskless” nature of the threat poses extra challenges for companies attempting to determine if any of their computers have been compromised.

On the positive side, of course, rebooting the computers would mean that they were no longer infected. But without knowledge that their systems had been compromised, how are organisations supposed to know that sensitive data might have been stolen?

FireEye says that it has discovered that one website spreading the attack was likely to have strategically significant users visiting its pages.

Specifically, the attackers inserted this zero-day exploit into a strategically important website, known to draw visitors that are likely interested in national and international security policy.

FireEye says it has notified Microsoft’s security team of the vulnerability, and it is to be hoped that a patch is forthcoming sooner rather than later. In the meantime, companies can protect their systems by installing the latest version of Microsoft EMET.

By the way, you’ll note that once again computers running Windows XP is one of the victims of this attack. From April 2014, there will be *no* *more* *security* *updates* coming from Microsoft for Windows XP, which means you’ll be left high and dry if you’re still using the ageing operating system after that date.

Don’t delay – upgrade from Windows XP to something else as soon as possible if you value your security.

Learn more about the attack in FireEye’s blog post, and read more commentary about the threat in this report from Ars Technica.

Update: Microsoft to patch actively-exploited zero-day flaw on Tuesday

Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.