FireEye security researchers unearth two IE zero-days

Researchers at security firm FireEye have identified two new Microsoft Internet Explorer zero-day exploits.

The vulnerabilities are present in various versions of Internet Explorer 7, 8, 9 and 10, running on Windows XP or Windows 7.

The first is hosted on a breached website based in the US.

The researchers say this exploit compromises anyone visiting a malicious website in a classic drive-by download attack.

The exploit uses a new information leakage vulnerability and an IE out-of-bounds memory access vulnerability to achieve remote code execution.

The second IE zero-day exploit found in the wild is being used in a strategic web compromise.

FireEye researchers found that the attackers inserted this zero-day exploit into a strategically important website.

This is a classic waterhole attack in which attackers have compromised a website known to draw visitors who are likely interested in national and international security policy.

FireEye has also found a link between this new attack and Operation DeputyDog that targets organisations in Japan.

FireEye researchers found that the malicious payload loads directly into computers’ memory, bypassing the hard disk.

The “diskless” nature of the threat makes it more difficult for network defenders to protect against such threats.

“This technique will further complicate network defenders’ ability to triage compromised systems, using traditional forensics methods,” the researchers said.

“On the positive side, of course, rebooting the computers would mean that they were no longer infected,” said independent security consultant Graham Cluley.

“But without knowledge that their systems had been compromised, how are organisations supposed to know that sensitive data might have been stolen?” he wrote in a blog post.

Cluley also notes that the attacks are affecting computers running Windows XP, but that from April 2014, there will be no further security updates from Microsoft for the operating system.

Any users of Windows XP who value security should update their operating system as soon as possible, he said.

The two IE zero-days come in addition to the recently reported zero-day that exploits a vulnerability in the graphics component of several key Microsoft products.

The vulnerability (CVE-2013-3906) is in the TIFF graphics format used in Microsoft Windows Vista, Windows Server 2008, Microsoft Office 2003-2010 and Microsoft Lync.
