CONFERENCE Cyber AI & Automation Summit - Watch Sessions
Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Vulnerabilities

Microsoft Patches IE Critical Vulnerability as Attacks Circulate

Microsoft has patched an Internet Explorer bug that has come under attack and dominated news headlines in recent days.

Microsoft has patched an Internet Explorer bug that has come under attack and dominated news headlines in recent days.

The security vulnerability impacts users running IE versions 6 through 11, and had been spotted by security researchers being used in targeted attacks. The vulnerability is due to IE improperly accessing an object in memory and corrupting memory in a way that allows an attacker to execute arbitrary code in the context of the user.  

News of a fix came on the same day that researchers at FireEye revealed an effort to exploit the bug against users of IE 8 and Windows XP. This discovery means that there are now live attacks on the bug that target anyone running IE 8 through 11 on Windows XP, 7 and 8.

According to FireEye, multiple threat actors are using the exploit in attacks and have expanded the industries being targeted. In addition to previously observed attacks against the defense and financial sectors, the government and energy sectors are under attack now as well.

“The main differences between this new attack targeting Windows XP compared to the original Windows 7/8.1 versions of this attack are the mitigation bypasses,” the FireEye researchers explained in a blog post. “The Windows 7/8.1 version develops its write primitive into read/write access to much of the process space by corrupting Flash vector objects. This is to bypass ASLR by searching for ROP gadgets and building a ROP chain dynamically in memory.”

“Without ASLR, ROP gadgets can be constructed beforehand with static addresses,” the researchers continued. “Consequently, Flash assistance in the Windows XP version is much simpler. It builds a ROP chain with static addresses to gadgets in MSVCRT, tweaks addresses for a plethora of language packs, and jumps directly to a pivot without developing a write primitive. From there, the ROP chain calls VirtualAlloc to allocate executable memory, copies the shellcode to the allocated chunk, and executes the shellcode. This new tactic of specifically targeting those running Windows XP means the risk factors of this vulnerability are now even higher.”

Trey Ford, global security strategist at Rapid7, noted that the presence of an out-of-band patch by Microsoft demonstrates the seriousness of the situation.

“To interrupt a scheduled development cycle for an emergency patch, or ‘out of band’ release, is a noteworthy event where a vendor is placing the public good ahead of their development and delivery lifecycle,” he said. “One thing particularly of interest is that Microsoft made the decision to issue this patch for Windows XP, which is no longer officially supported.  I think this underscores the importance of this patch, and the priority with which it should be deployed. Corporate and private users should prioritize downloading… and deploying this patch.”

Advertisement. Scroll to continue reading.

Dustin Childs, group manager of response communications for Microsoft Trustworthy Computing, blogged that while Microsoft decided to release an update for XP users as well in this case, those users should still upgrade as the operating system is no longer supported.

Written By

Marketing professional with a background in journalism and a focus on IT security.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Don’t miss this Live Attack demonstration to learn how hackers operate and gain the knowledge to strengthen your defenses.

Register

Join us as we share best practices for uncovering risks and determining next steps when vetting external resources, implementing solutions, and procuring post-installation support.

Register

People on the Move

Shanta Kohli has been named CMO at Sysdig.

Cloud security firm Sysdig has appointed Sergej Epp as CISO.

F5 has appointed John Maddison as Chief Product Marketing and Technology Alliances Officer.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.