IE10 under attack as hackers exploit zero-day bug
FireEye uncovers attacks emanating from a U.S. website just two days after Microsoft issued huge IE patch collection
Computerworld - FireEye today said it had discovered that attackers are actively exploiting a new, unpatched vulnerability in Internet Explorer 10 (IE10).
Microsoft confirmed the Milpitas, Calif. security company's report.
"Microsoft is aware of targeted attacks against Internet Explorer, currently targeting customers using Internet Explorer 10," a Microsoft spokesperson said via email. "We are investigating and we will take appropriate actions to help protect customers."
FireEye's disclosure came just two days after Microsoft patched every edition of IE with a large update that fixed 24 flaws, 15 of which applied to IE10. The IE update, which was not originally on this week's Patch Tuesday slate, was added at the last minute by Microsoft, which said it had completed testing of the repairs in time to make the cut.
The attack code, said FireEye, was hosted on a compromised website based in the U.S. The company called the exploit a "classic drive-by download attack," a term reserved for the most dangerous kind of browser-based assault, one that need only entice people to a malware-infected site.
According to FireEye, the exploit sidesteps ASLR (address space layout randomization) using Flash ActionScript, an Adobe-owned scripting language most often used on sites that rely on Flash Player to execute content. ASLR is one of Windows' most important anti-exploit technologies.
"Upon successful exploitation, this zero-day attack will download a XOR-encoded payload from a remote server, decode and execute it," FireEye added.
FireEye said that it is "currently collaborating" with Microsoft's security engineers on researching the IE10 vulnerability and the related exploit.
IE10 has been on the downturn for the last four months. Starting in October 2013, Microsoft has been replacing IE10 with the newer IE11 on Windows 8 devices, including PCs and the tablets -- such as Microsoft's own Surface Pro 2 -- that run the full-featured Windows 8 and 8.1 rather than the subset-of-an-OS Windows RT.
Microsoft released IE11 for Windows 7 in November, at which point it was automatically pushed to those machines as a substitute for IE10.
Web metrics firm Net Applications estimated IE10 user share, a rough calculation of the percentage of all Internet users running a specific browser, at 9.3% in January. Most people running IE remain tied to 2009's IE8.
Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld.