Microsoft confirmed yesterday that a new zero-day vulnerability exists in all versions of its Internet Explorer browser. The issue (CVE-2014-1776) is being used in targeted attacks by APT groups, but the currently active campaigns are targeting IE9, IE10 and IE11.


According to the Microsoft advisory, the browsers are vulnerable to remote code execution. The flaw lies in the way Internet Explorer accesses an object in memory that has been deleted or has not been properly allocated. Microsoft is working with security experts to fix the problem, but in the meantime don’t use Internet Explorer. Use Chrome, Firefox, or another browser.

How it works

An attacker can trigger the zero-day exploit through a malicious webpage that you, or the targeted user, have to open in the IE browser. If the exploit is successful, the attacker can execute code within the browser with the same rights as the current user. This can give the attacker full use of a system and access to all its data.

Culprit: Adobe Flash Plugin

The exploit depends on the execution of an Adobe Flash SWF file that calls JavaScript to trigger the flaw. This allows the exploit to bypass the Windows protections (ASLR and DEP) that guard the target system. According to the advisory, there is currently no security patch for this flaw.

What are APT groups?

An Advanced Persistent Threat (APT) is a network attack in which an unauthorized person gains access to a network and stays there undetected for a long period of time. The intention of an APT attack is to steal data rather than to cause damage to the network or organization. The current forms of APT attacks come from groups of individuals who have shared agendas. Typically, the groups attack organizations that hold valuable financial or security information.