Security Advisor

IE 9 and 10 Zero-Day Attack Targeting U.S. Veterans

Those that have upgraded to the latest version of Microsoft's Web browser (Internet Explorer 11) are not at risk for attack.

Untitled Document

 

Microsoft confirmed on Thursday that an Adobe Flash vulnerability in Internet Explorer 9 and 10 is currently being used in attacks that have been targeting U.S. military veterans who visit the Veterans of Foreign Wars (VFW) Web site.

"Microsoft is aware of limited, targeted attacks against Internet Explorer 9 and 10," said Microsoft in an e-mailed statement. "As our investigation continues, we recommend customers upgrade to Internet Explorer 11 for added protection,"

Security firm FireEye first discovered that a zero-day exploit was being used to target U.S. veterans and said the attack coincided with this week's snow storm that left many federal works (including some government IT employees) unable to get to work.

FireEye said that attackers first compromised the VFW Web site and inserted an iframe at the beginning of the site's HTML code that automatically opens up the attackers' harmful Web site in the background. After the site is opened, a harmful Flash object is run that exploits the Internet Explorer vulnerability (first only believed to be found in IE 10).

The exploit then allows attackers to install malicious code on a targeted computer.

Speaking to Computerworld,  Darien Kindlund, manager of threat intelligence at FireEye, said the group behind the VTW attack is a well-known group that typically operates by locating and exploiting new 0-day attacks instead of modifying known attack vectors like many hacking groups do.

"Once this operation subsides, they'll probably restart again," said Kindlund. "It still seems they're achieving mission success based on the slight tweaks they've done to their attack methodology."

While Microsoft has not sent word if an out-of-band patch is coming for the IE flaw, the best way to avoid being attacked with this exploit is to upgrade to the latest version of Microsoft's Web browser, Internet Explorer 11. Also, execution of the exploit will be cancelled for those running Microsoft's Experience Mitigation Toolkit (EMET). Further, a Microsoft security advisory should be on its way with workarounds detailed until a permanent fix is available.

Even though there have yet to be additional active attacks seen using this exploit, look for it to be leveraged more in the future due to the possible large number of  attack targets According to Web analytic reporting firm Net Applications, 31.2 percent of all active Internet Explorer users are using either IE 9 or 10.

About the Author

Chris Paoli is the site producer for Redmondmag.com and MCPmag.com.

Featured

  • Microsoft Warns IT Pros on Windows Netlogon Fix Coming Next Month

    Microsoft on Thursday issued a reminder to organizations to ensure that their systems are properly patched for a "Critical"-rated Windows Netlogon vulnerability before next month's "update Tuesday" patch distribution arrives.

  • Microsoft Nudging Skype for Business Users to Teams

    Microsoft on Thursday announced some perks and prods for Skype for Business unified communications users, with the aim of moving them to the Microsoft Teams collaboration service instead.

  • How To Improve Windows 10's Sound and Video Quality

    Windows 10 comes with built-in tools that can help users get the most out of their sound and video hardware.

  • Microsoft Offers More 'Solorigate' Advice Using Microsoft 365 Defender Tools

    Microsoft issued yet another article with advice on how to use its Microsoft 365 Defender suite of tools to protect against "Solorigate" advanced persistent threat types of attacks in a Thursday announcement.

comments powered by Disqus