Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Vulnerabilities

Microsoft Patches IE Critical Vulnerability as Attacks Circulate

Microsoft has patched an Internet Explorer bug that has come under attack and dominated news headlines in recent days.

Microsoft has patched an Internet Explorer bug that has come under attack and dominated news headlines in recent days.

The security vulnerability impacts users running IE versions 6 through 11, and had been spotted by security researchers being used in targeted attacks. The vulnerability is due to IE improperly accessing an object in memory and corrupting memory in a way that allows an attacker to execute arbitrary code in the context of the user.  

News of a fix came on the same day that researchers at FireEye revealed an effort to exploit the bug against users of IE 8 and Windows XP. This discovery means that there are now live attacks on the bug that target anyone running IE 8 through 11 on Windows XP, 7 and 8.

According to FireEye, multiple threat actors are using the exploit in attacks and have expanded the industries being targeted. In addition to previously observed attacks against the defense and financial sectors, the government and energy sectors are under attack now as well.

“The main differences between this new attack targeting Windows XP compared to the original Windows 7/8.1 versions of this attack are the mitigation bypasses,” the FireEye researchers explained in a blog post. “The Windows 7/8.1 version develops its write primitive into read/write access to much of the process space by corrupting Flash vector objects. This is to bypass ASLR by searching for ROP gadgets and building a ROP chain dynamically in memory.”

“Without ASLR, ROP gadgets can be constructed beforehand with static addresses,” the researchers continued. “Consequently, Flash assistance in the Windows XP version is much simpler. It builds a ROP chain with static addresses to gadgets in MSVCRT, tweaks addresses for a plethora of language packs, and jumps directly to a pivot without developing a write primitive. From there, the ROP chain calls VirtualAlloc to allocate executable memory, copies the shellcode to the allocated chunk, and executes the shellcode. This new tactic of specifically targeting those running Windows XP means the risk factors of this vulnerability are now even higher.”

Trey Ford, global security strategist at Rapid7, noted that the presence of an out-of-band patch by Microsoft demonstrates the seriousness of the situation.

“To interrupt a scheduled development cycle for an emergency patch, or ‘out of band’ release, is a noteworthy event where a vendor is placing the public good ahead of their development and delivery lifecycle,” he said. “One thing particularly of interest is that Microsoft made the decision to issue this patch for Windows XP, which is no longer officially supported.  I think this underscores the importance of this patch, and the priority with which it should be deployed. Corporate and private users should prioritize downloading… and deploying this patch.”

Advertisement. Scroll to continue reading.

Dustin Childs, group manager of response communications for Microsoft Trustworthy Computing, blogged that while Microsoft decided to release an update for XP users as well in this case, those users should still upgrade as the operating system is no longer supported.

Written By

Marketing professional with a background in journalism and a focus on IT security.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Expert Insights

Related Content

Vulnerabilities

Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...

Data Breaches

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...

IoT Security

A group of seven security researchers have discovered numerous vulnerabilities in vehicles from 16 car makers, including bugs that allowed them to control car...

Vulnerabilities

A researcher at IOActive discovered that home security systems from SimpliSafe are plagued by a vulnerability that allows tech savvy burglars to remotely disable...

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...

Cybercrime

Patch Tuesday: Microsoft calls attention to a series of zero-day remote code execution attacks hitting its Office productivity suite.

Vulnerabilities

Patch Tuesday: Microsoft warns vulnerability (CVE-2023-23397) could lead to exploitation before an email is viewed in the Preview Pane.

Vulnerabilities

The latest Chrome update brings patches for eight vulnerabilities, including seven reported by external researchers.