Security Advisor

IE 9 and 10 Zero-Day Attack Targeting U.S. Veterans

Those who have upgraded to the latest version of Microsoft's Web browser (Internet Explorer 11) are not at risk of attack.



Microsoft confirmed on Thursday that an Adobe Flash vulnerability in Internet Explorer 9 and 10 is currently being used in attacks that have been targeting U.S. military veterans who visit the Veterans of Foreign Wars (VFW) Web site.

"Microsoft is aware of limited, targeted attacks against Internet Explorer 9 and 10," said Microsoft in an e-mailed statement. "As our investigation continues, we recommend customers upgrade to Internet Explorer 11 for added protection."

Security firm FireEye first discovered that a zero-day exploit was being used to target U.S. veterans and said the attack coincided with this week's snowstorm that left many federal workers (including some government IT employees) unable to get to work.

FireEye said that attackers first compromised the VFW Web site and inserted an iframe at the beginning of the site's HTML code that automatically opens the attackers' harmful Web site in the background. After the site is opened, a harmful Flash object is run that exploits the Internet Explorer vulnerability (at first believed to be found only in IE 10).

The exploit then allows attackers to install malicious code on a targeted computer.
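For site operators, the injected iframe FireEye describes is something a routine page audit can look for. The following is an added example, not code from FireEye, Microsoft or the original article: it parses a page and reports iframes that load from a host other than the site's own, ranking those that appear before `<body>` opens highest. The page URL, host names, allowlist and sample HTML are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

PAGE_URL = "http://www.site.example/index.html"  # constructed
# Constructed sample: one off-site frame ahead of the markup, two normal embeds.
SAMPLE = """<iframe src="http://injected.example.net/x"></iframe>
<html><head><title>Home</title></head>
<body>
<iframe src="/events/calendar.html"></iframe>
<iframe src="https://video.example.org/embed/42"></iframe>
</body></html>"""


class IframeAudit(HTMLParser):
    """Record each iframe whose source host is neither the site nor allowlisted."""

    def __init__(self, page_url, allowed_hosts=()):
        super().__init__()
        self.page_url = page_url
        self.trusted = {urlparse(page_url).hostname, *allowed_hosts}
        self.in_body = False
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag == "body":
            self.in_body = True
        elif tag == "iframe":
            src = dict(attrs).get("src") or ""
            # Resolve relative and protocol-relative URLs against the page.
            host = urlparse(urljoin(self.page_url, src)).hostname
            if host is not None and host not in self.trusted:
                line, _ = self.getpos()
                # An off-site frame ahead of <body> sits where the article
                # says the injected iframe was placed, so rank it highest.
                severity = "review" if self.in_body else "high"
                self.findings.append(
                    {"line": line, "src": src, "host": host, "severity": severity})


def audit_page(html, page_url, allowed_hosts=()):
    """Return a list of findings for one page's HTML."""
    parser = IframeAudit(page_url, allowed_hosts)
    parser.feed(html)
    parser.close()
    return parser.findings


if __name__ == "__main__":
    for f in audit_page(SAMPLE, PAGE_URL, allowed_hosts=("video.example.org",)):
        print(f"{f['severity']:6} line {f['line']}: {f['src']}")
```

Running the same check against a known-good copy of the page and comparing the findings shows whether a frame was added after deployment.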

Speaking to Computerworld, Darien Kindlund, manager of threat intelligence at FireEye, said the group behind the VFW attack is a well-known group that typically operates by locating and exploiting new zero-day vulnerabilities rather than modifying known attack vectors, as many hacking groups do.

"Once this operation subsides, they'll probably restart again," said Kindlund. "It still seems they're achieving mission success based on the slight tweaks they've done to their attack methodology."

While Microsoft has not said whether an out-of-band patch is coming for the IE flaw, the best way to avoid being attacked with this exploit is to upgrade to the latest version of Microsoft's Web browser, Internet Explorer 11. Also, execution of the exploit will be cancelled for those running Microsoft's Enhanced Mitigation Experience Toolkit (EMET). Further, a Microsoft security advisory detailing workarounds should be on its way, for use until a permanent fix is available.

Even though no additional active attacks using this exploit have been seen yet, look for it to be leveraged more in the future because of the potentially large number of attack targets. According to Web analytic reporting firm Net Applications, 31.2 percent of all active Internet Explorer users are using either IE 9 or 10.

About the Author

Chris Paoli is the site producer for and

