Microsoft Windows XP PCs Wide Open to New Zero Day IE Attack

Everyone knew it was just a matter of time until hackers exploited the security doors left wide open when Microsoft (MSFT) on April 8 stopped supplying fixes for the 13-year-old Windows XP operating system.

DH Kass, Senior Contributing Blogger

April 29, 2014

2 Min Read
Microsoft Windows XP PCs Wide Open to New Zero Day IE Attack

Everyone knew it was just a matter of time until hackers exploited the security doors left wide open when Microsoft (MSFT) on April 8 stopped supplying fixes for the 13-year-old Windows XP operating system.

Cybersecurity provider FireEye (FEYE) issued an alert April 26 identifying a new zero-day attack targeting Internet Explorer versions 6-11. “The vulnerability affects IE6 through IE11, but the attack is targeting IE9 through IE11,” the vendor wrote. FireEye said that a seasoned crew of hackers exploited the security hole in a campaign it called “Operation Clandestine Fox.”

FireEye declined to provide details of the attacks but said it believes it to be a “significant zero day as the vulnerable versions represent about a quarter of the total browser market. We recommend applying a patch once available.”

According to NetMarketShare, IE versions 9-11 collectively comprise more than 26 percent of the browser market. Until Microsoft releases a patch, users are advised to switch off of IE to another browser such as Google’s (GOOG) Chrome.

The security vendor seemed to have some idea of who’s behind the attacks, pegging an APT group (advanced persistent threat) that has been the “first group to have access to a select number of browser-based 0-day exploits (e.g. IE, Firefox, and Flash) in the past. They are extremely proficient at lateral movement and are difficult to track, as they typically do not reuse command and control infrastructure.”

Meanwhile, the attack left Microsoft scrambling to find a security patch for the flaw. In an advisory dated April 26, the vendor said it is “aware of limited, targeted attacks that attempt to exploit a vulnerability in Internet Explorer 6, Internet Explorer 7, Internet Explorer 8, Internet Explorer 9, Internet Explorer 10 and Internet Explorer 11.”

Microsoft said the vulnerability could allow a hacker to take complete control of an affected system, view, change or delete data, install malicious programs or create new accounts with full user rights.

“The vulnerability exists in the way that Internet Explorer accesses an object in memory that has been deleted or has not been properly allocated,” the vendor wrote. “The vulnerability may corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user within Internet Explorer. An attacker could host a specially crafted website that is designed to exploit this vulnerability through Internet Explorer and then convince a user to view the website.”

Whatever fixes Microsoft comes up with to shore up IE won’t help XP users. The vendor has declined to offer up a patch for XP-based systems and said in a statement that it advises XP users to upgrade to Windows 7 or Windows 8.

Microsoft said it may provide Windows 7 and Windows 8 users with a solution through its monthly security update release or supply an out-of-cycle security update depending on customer needs.

Read more about:

AgentsMSPsVARs/SIs

About the Author

DH Kass

Senior Contributing Blogger, The VAR Guy

Free Newsletters for the Channel
Register for Your Free Newsletter Now

You May Also Like