First IE Zero-Day Post-Windows XP Affects a Quarter of Internet Users

First IE Zero-Day Post-Windows XP Affects a Quarter of Internet Users
by infosecurity
 
A major new Internet Explorer (IE) zero-day exploit targeting IE9 through IE11 has been spotted in the wild, being used by a sophisticated advanced persistent threat (APT) group. The exploit leverages a previously unknown use-after-free vulnerability, and uses a well-known Flash exploitation technique to achieve arbitrary memory access and bypass Windows address space layout randomization (ASLR) and Data Execution Prevention (DLP).
Microsoft has assigned CVE-2014-1776 to the flaw and has released a security advisory noting that the vulnerability may corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user within IE. An attacker could host a specially crafted website that is designed to exploit this vulnerability through Internet Explorer and then convince a user to view the website. The purpose, of course, is to gain control of the machine and lift sensitive information; an attacker who successfully exploits this vulnerability would gain the same user rights as the current user. It should be noted that although the attack is going after IE9 through IE11, the vulnerability actually affects IE6 through IE11. And, it’s the first zero-day vulnerability that will not be patched for Windows XP users, as Microsoft ended support for the operating system on April 8.
“This is the first major known exploit of a vulnerability to affect Windows XP since the official end of support earlier this month”, said Simon Townsend, chief technologist of Europe at AppSense, in a comment to Infosecurity. “Recent research from AppSense suggests that as much as 77% of British businesses are running Windows XP in some capacity beyond the end of support deadline. Such organizations could be impacted by further exploits to this vulnerability as malware creators take further advantage of this security hole which will remain open, due to the end of patches and security fixes for Windows XP by Microsoft”. He added, “By using an unsupported platform, organizations are taking a very real risk in terms of data security as highlighted by this exploit, and need to either move off XP or strictly control user rights and application usage”.
 
Full Article