Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cybercrime

Google Finds Internet Explorer Zero-Day Exploited in Targeted Attacks

An out-of-band update released by Microsoft on Wednesday for its Internet Explorer web browser patches a zero-day vulnerability exploited by malicious actors in targeted attacks.

An out-of-band update released by Microsoft on Wednesday for its Internet Explorer web browser patches a zero-day vulnerability exploited by malicious actors in targeted attacks.

Microsoft has credited Clement Lecigne of Google’s Threat Analysis Group for reporting the vulnerability, but neither Microsoft nor Google have shared any details about the attacks involving the flaw.

The security hole is tracked as CVE-2018-8653 and it has been described as a remote code execution vulnerability related to how the scripting engine used by Internet Explorer handles objects in memory.

“The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user,” Microsoft explained in an advisory. “An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.”

According to the tech giant, an attacker can exploit the vulnerability by getting the targeted user to visit a specially crafted website using Internet Explorer. The victim can be lured to the malicious site using social engineering tactics.

Microsoft says the flaw impacts Internet Explorer 9 on Windows Server 2008, Internet Explorer 10 on Windows Server 2012, and Internet Explorer 11 on Windows 10, Windows Server 2019, Windows Server 2016, Windows Server 2008 R2, Windows Server 2012 R2, Windows 7, and Windows 8.1.

Advertisement. Scroll to continue reading.

Since there are no workarounds for addressing this vulnerability, users should install the updates provided by Microsoft as soon as possible.

“Customers who have Windows Update enabled and have applied the latest security updates, are protected automatically. We encourage customers to turn on automatic updates,” Microsoft said.

Microsoft has patched a significant number of zero-day vulnerabilities this year, and since August it has resolved at least one zero-day every month. The list includes a flaw exploited by cybercriminals to deliver a RAT – Microsoft initially did not want to address this weakness –, Windows vulnerabilities disclosed by a researcher on Twitter, and several security bugs exploited in attacks aimed at the Middle East.

With this month’s Patch Tuesday updates, the company fixed a Windows kernel privilege escalation flaw exploited by a new threat actor named SandCat and possibly other groups.

Related: Microsoft Patches Actively Exploited Windows Vulnerability

Related: Microsoft Patches Windows Zero-Day Exploited by ‘FruityArmor’ Group

Written By

Eduard Kovacs (@EduardKovacs) is senior managing editor at SecurityWeek. He worked as a high school IT teacher before starting a career in journalism in 2011. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing for the latest cybersecurity threats, trends, and expert insights.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this live webinar as we break down why email-layer defenses alone can't keep pace with the modern phishing ecosystem, how agentic AI is changing the capacity equation for security teams, and more.

Register

This year's summit will help organizations learn how to utilize tools, controls, and design models needed to properly secure cloud environments. Interact with leading solution providers and other end users facing similar challenges in securing a variety of cloud deployments.

Register

People on the Move

Tracey Mustacchio has joined Everfox as Chief Marketing Officer.

Mark Carter has been appointed Chief Information Security Officer at Socure.

Spektrum Labs has named Mark Cravotta Chief Operating Officer.

More People On The Move

Expert Insights

Four decades of incident response experience suggest that exploits are often the symptom, not the root cause, of today’s cybersecurity failures.

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.