A new vulnerability affecting Microsoft’s browser IE versions 6 to 11 has been discovered which corrupts memory in such a way that it allows attacks to execute arbitrary code and essentially take over the target machine.
The zero day flaw has so far prompted "limited attacks”, according to Microsoft, which made the unusual move of issuing a security alert on Saturday. Security firm FireEye claim that the bug affects more than 56% of web browsers which are currently in use and that it uses a well-known Flash exploit to achieve arbitrary memory access and bypass Windows files.
Typically, an attack will take place once the target has been tempted to click on a malicious link and according to FireEye, the most commonly targeted versions of IE are IE9 to 11, which account for around 26% of web browsers.
Attacks can take place through links in emails or be web-based and whilst the threat can be mitigated by reducing the user rights for email, it can still be carried out through an infected website or through infected advertisements on a website. However, all attacks depend on social engineering techniques in which users are enticed to click on a link of some form.
"The APT group responsible for this exploit has been the first group to have access to a select number of browser-based Zero-Day exploits in the past,” FireEye explains . "They are extremely proficient at lateral movement and are difficult to track, as they typically do not reuse command and control infrastructure.”
They go on to say that the APT group was also responsible for a backdoor exploit known as Pirpi, which was around in 2010.
Microsoft has issued an advisory, but there’s no patch for the vulnerability out as yet; however, the company has said that the issue is considered to be serious enough for it to consider issuing an out-of-band update.
In the meantime users can restrict the chances of coming under attack by removing administrative rights for those users that don’t need it and by using the Enhanced Mitigation Toolkit (EMET) to help to mitigate the risk. It’s also possible to help block potential attacks by setting the internet and local internet security zone settings to High in IE’s Internet Options.
Of course, another choice would simply be to use a different browser and to avoid clicking through any links sent in email.