Internet Explorer Zero-Day Exploited in the Wild

An advanced persistent threat (APT), a term sometimes used to describe nation-state-backed cyber-espionage units, is using a zero-day vulnerability in the Internet Explorer kernel code to infect victims with malware.

Security researchers from Chinese antivirus maker Qihoo 360 Core have reported the issue to Microsoft this week. The zero-day has been deployed in live attacks, as part of Office documents sent to selected targets.

Latest versions of IE browser affected, possibly other apps

The Qihoo 360 Core team said the zero-day uses a so-called “double kill” vulnerability that affects the latest versions of Internet Explorer and any other applications that use the IE kernel.

“After the target opens the document, all exploit code and malicious payloads are loaded from a remote server,” researchers wrote in a blog post on the Weibo micro-blogging platform.

Researchers said the attack involves the use of a public UAC bypass, reflective DLL loading, fileless execution, and steganography.

The Qihoo 360 Core team has not revealed the exact exploitation chain, apart from an image shared on Weibo. [We’ll still working on getting the image translated.]

Microsoft Mum on disclosure

In typical Microsoft fashion, the company has not confirmed or denied Qihoo 360 Core’s findings. The company has sent over the following canned statement.

Windows has a customer commitment to investigate reported security issues, and proactively update impacted devices as soon as possible. We recommend customers use Windows 10 and the Microsoft Edge browser for the best protection. Our standard policy is to provide remediation via our current Update Tuesday schedule.

The Qihoo 360 Core team has not answered a request for comment for more details on the APT group prior to this article’s publication.

 

The article will update once will get more information about the disclosure.

Credit: BleepingComputer

Ethical Hacking Workshop | Stay Safe & Secure

CEH Course In pune | Slink

Jai Prajapati

Jai Prajapati is a security analyst and author for Securityleaks, where he passion for covering latest happening in cybersecurity world such as malware, breaches, vulnerabilities, exploits, white-papers, hacking newsbytes, Dark Web, hacking tutorials and a few more.

Leave a Reply

Your email address will not be published. Required fields are marked *