Critical Microsoft Zero-Day Attack on IE

One of the upsides of Microsoft's Internet Explorer 8 was how much more secure it was than the older versions of IE, particularly the extremely buggy IE6.

By Sue Poremba | Posted Nov 4, 2010
Print ArticleEmail Article
  • Share on Facebook
  • Share on Twitter
  • Share on LinkedIn

One of the upsides of Microsoft's Internet Explorer 8 was how much more secure it was than the older versions of IE, particularly the extremely buggy IE6.

However, Microsoft has released an advisory warning of a critical zero-day exploit. The advisory stated:

The vulnerability exists due to an invalid flag reference within Internet Explorer. It is possible under certain conditions for the invalid flag reference to be accessed after an object is deleted. In a specially-crafted attack, in attempting to access a freed object, Internet Explorer can be caused to allow remote code execution.

It affects IE6, IE7 and IE8 (although I've seen a few reports that IE8 is already protected). The new beta version of IE9 is not affected.

According to Zscaler:

The attacks are initiated via an email campaign, which social engineers victims into visiting an otherwise legitimate website, which has been infected with the zero day exploit.  [T]he attack first probes incoming requests to identify the browser type and only delivers the exploit to older versions of IE.  Once infected, the victim machine connects to a second server and downloads additional instructions, delivered in the form of encrypted .gif files.

The infected website has been cleaned up, but you know how these things go. If there is one infected website that did its job, the bad guys will try again. According to an article in InformationWeek, the threat isn't considered bad enough to warrant an emergency patch:

Microsoft says that the Data Execution Prevention (DEP) technology included in Internet Explorer 8 and Protected Mode, in Windows Vista and 7, will help mitigate the threat posed by this vulnerability.

Comment and Contribute
(Maximum characters: 1200). You have
characters left.
Get the Latest Scoop with Enterprise Networking Planet Newsletter