Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cybercrime

Google Finds Internet Explorer Zero-Day Exploited in Targeted Attacks

An out-of-band update released by Microsoft on Wednesday for its Internet Explorer web browser patches a zero-day vulnerability exploited by malicious actors in targeted attacks.

An out-of-band update released by Microsoft on Wednesday for its Internet Explorer web browser patches a zero-day vulnerability exploited by malicious actors in targeted attacks.

Microsoft has credited Clement Lecigne of Google’s Threat Analysis Group for reporting the vulnerability, but neither Microsoft nor Google have shared any details about the attacks involving the flaw.

The security hole is tracked as CVE-2018-8653 and it has been described as a remote code execution vulnerability related to how the scripting engine used by Internet Explorer handles objects in memory.

“The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user,” Microsoft explained in an advisory. “An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.”

According to the tech giant, an attacker can exploit the vulnerability by getting the targeted user to visit a specially crafted website using Internet Explorer. The victim can be lured to the malicious site using social engineering tactics.

Microsoft says the flaw impacts Internet Explorer 9 on Windows Server 2008, Internet Explorer 10 on Windows Server 2012, and Internet Explorer 11 on Windows 10, Windows Server 2019, Windows Server 2016, Windows Server 2008 R2, Windows Server 2012 R2, Windows 7, and Windows 8.1.

Since there are no workarounds for addressing this vulnerability, users should install the updates provided by Microsoft as soon as possible.

“Customers who have Windows Update enabled and have applied the latest security updates, are protected automatically. We encourage customers to turn on automatic updates,” Microsoft said.

Microsoft has patched a significant number of zero-day vulnerabilities this year, and since August it has resolved at least one zero-day every month. The list includes a flaw exploited by cybercriminals to deliver a RAT – Microsoft initially did not want to address this weakness –, Windows vulnerabilities disclosed by a researcher on Twitter, and several security bugs exploited in attacks aimed at the Middle East.

With this month’s Patch Tuesday updates, the company fixed a Windows kernel privilege escalation flaw exploited by a new threat actor named SandCat and possibly other groups.

Related: Microsoft Patches Actively Exploited Windows Vulnerability

Related: Microsoft Patches Windows Zero-Day Exploited by ‘FruityArmor’ Group

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Expert Insights

Related Content

Cybercrime

Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.

Cybercrime

The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.

Cybercrime

A new study by McAfee and the Center for Strategic and International Studies (CSIS) named a staggering figure as the true annual cost of...

Cybercrime

The FBI dismantled the network of the prolific Hive ransomware gang and seized infrastructure in Los Angeles that was used for the operation.

Malware & Threats

Microsoft plans to improve the protection of Office users by blocking XLL add-ins from the internet.

Cloud Security

VMware vRealize Log Insight vulnerability allows an unauthenticated attacker to take full control of a target system.

IoT Security

Lexmark warns of a remote code execution (RCE) vulnerability impacting over 120 printer models, for which PoC code has been published.

Mobile & Wireless

Apple rolled out iOS 16.3 and macOS Ventura 13.2 to cover serious security vulnerabilities.