
Another IE vulnerability being exploited

By Kirsten Doyle, ITWeb contributor.
Johannesburg, 10 Oct 2013
Zero-day attacks that are being exploited in the wild are a big concern for businesses large and small.

Following the discovery of another zero-day vulnerability in Internet Explorer 8 (IE8) that attackers are exploiting in the wild, Microsoft was forced to issue two patches this Patch Tuesday.

The past few weeks have seen a slew of attacks exploiting a vulnerability in the browser initially reported in mid-September.

Discovered by Trustwave, this new remote code execution vulnerability has been used by attackers to install malware that attempts to disable victims' security products, redirect banking sites to a malicious IP address, and steal credentials for popular online games.

The new vulnerability affects Internet Explorer 8 running on Windows XP and Windows 7 platforms.

The affected

Although the attacks are currently happening in Korea and Japan only, Trustwave says exploitation of zero-days tends to increase rapidly following disclosure, so it expects to see a lot more activity related to this vulnerability in the future.

Trustwave director of security research Ziv Mador says: "This Internet Explorer zero-day is currently used only on a small number of Web sites, and the attack was limited by its programmer to Japanese and Korean users."

However, he says based on past experience, new drive-by exploits are quickly copied to other malicious sites because they can work against a large number of users.

How it works

John Yeo, director at Trustwave, says users become infected via drive-by attacks when visiting certain Web sites. Once exploited, the vulnerability allows remote code execution.

SpiderLabs, a team of ethical hackers, investigators and researchers at Trustwave, explained in a blog that the techniques employed show the attacks are not targeted, but follow a "mud against the wall" approach, infecting all users in the affected regions unlucky enough to stumble upon them.

Yeo adds there is cause for alarm for businesses. "Zero-days that are being exploited in the wild are a big concern for businesses large and small, because even if they patch all their systems, there is still a risk. A zero-day attack can work against those systems."

The fix

In the company's Security Research & Defense blog, Microsoft said it has released MS13-080 which addresses 10 CVEs in IE. It added that the release "fixes multiple security issues, including two critical vulnerabilities that haven't been actively exploited in limited targeted attacks".

The software giant stressed the recent exploits allowed attackers to target previous versions of IE on older platforms where all the latest mitigations are not available or not enabled by default. It advised users "to install and use the latest versions of IE on modern Windows in order to raise exploitation challenges for attackers and have better defence".
