Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Vulnerabilities

Microsoft Patches IE Critical Vulnerability as Attacks Circulate

Microsoft has patched an Internet Explorer bug that has come under attack and dominated news headlines in recent days.

Microsoft has patched an Internet Explorer bug that has come under attack and dominated news headlines in recent days.

The security vulnerability impacts users running IE versions 6 through 11, and had been spotted by security researchers being used in targeted attacks. The vulnerability is due to IE improperly accessing an object in memory and corrupting memory in a way that allows an attacker to execute arbitrary code in the context of the user.  

News of a fix came on the same day that researchers at FireEye revealed an effort to exploit the bug against users of IE 8 and Windows XP. This discovery means that there are now live attacks on the bug that target anyone running IE 8 through 11 on Windows XP, 7 and 8.

According to FireEye, multiple threat actors are using the exploit in attacks and have expanded the industries being targeted. In addition to previously observed attacks against the defense and financial sectors, the government and energy sectors are under attack now as well.

“The main differences between this new attack targeting Windows XP compared to the original Windows 7/8.1 versions of this attack are the mitigation bypasses,” the FireEye researchers explained in a blog post. “The Windows 7/8.1 version develops its write primitive into read/write access to much of the process space by corrupting Flash vector objects. This is to bypass ASLR by searching for ROP gadgets and building a ROP chain dynamically in memory.”

“Without ASLR, ROP gadgets can be constructed beforehand with static addresses,” the researchers continued. “Consequently, Flash assistance in the Windows XP version is much simpler. It builds a ROP chain with static addresses to gadgets in MSVCRT, tweaks addresses for a plethora of language packs, and jumps directly to a pivot without developing a write primitive. From there, the ROP chain calls VirtualAlloc to allocate executable memory, copies the shellcode to the allocated chunk, and executes the shellcode. This new tactic of specifically targeting those running Windows XP means the risk factors of this vulnerability are now even higher.”

Advertisement. Scroll to continue reading.

Trey Ford, global security strategist at Rapid7, noted that the presence of an out-of-band patch by Microsoft demonstrates the seriousness of the situation.

“To interrupt a scheduled development cycle for an emergency patch, or ‘out of band’ release, is a noteworthy event where a vendor is placing the public good ahead of their development and delivery lifecycle,” he said. “One thing particularly of interest is that Microsoft made the decision to issue this patch for Windows XP, which is no longer officially supported.  I think this underscores the importance of this patch, and the priority with which it should be deployed. Corporate and private users should prioritize downloading… and deploying this patch.”

Dustin Childs, group manager of response communications for Microsoft Trustworthy Computing, blogged that while Microsoft decided to release an update for XP users as well in this case, those users should still upgrade as the operating system is no longer supported.

Written By

Marketing professional with a background in journalism and a focus on IT security.

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing for the latest cybersecurity threats, trends, and expert insights.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this live webinar as we break down why email-layer defenses alone can't keep pace with the modern phishing ecosystem, how agentic AI is changing the capacity equation for security teams, and more.

Register

This year's summit will help organizations learn how to utilize tools, controls, and design models needed to properly secure cloud environments. Interact with leading solution providers and other end users facing similar challenges in securing a variety of cloud deployments.

Register

People on the Move

James Phillips has been promoted to the role of Vice President, Cybersecurity Risk Management at AT&T.

Rafal Los has joined Binary Defense as Chief Strategy Officer.

Tracey Mustacchio has joined Everfox as Chief Marketing Officer.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.