Knight Foundation Researchers have uncovered new, currently unpatched vulnerabilities in multiple versions of Internet Explorer that criminals are actively exploiting to surreptitiously execute unusually advanced malware on computers that visit booby-trapped websites.

The vulnerabilities in various configurations of IE versions 7, 8, 9, and 10 running on Windows XP and Windows 7 are separate from the Microsoft Windows and Office graphics flaw that’s also under active exploit at the moment.

According to researchers at security firm FireEye, the IE-targeted exploits arrive as a classic drive-by attack that’s found on at least one breached website located in the US.

The attacks are able to bypass security protections Microsoft engineers have gradually added to later versions of their software.

The exploits appear to circumvent the measures, at least in part, by exploiting at least two separate flaws. One flaw allows attackers to access and control computer memory, and another leaks system information needed to capitalize on the first bug. “The memory access vulnerability is designed to work on Windows XP with IE 7 and 8 and on Windows 7,” FireEye researchers Xiaobo Chen and Dan Caselden wrote in a post published Friday. “The exploit targets the English version of Internet Explorer, but we believe the exploit can be easily changed to leverage other languages. Based on our analysis, the vulnerability affects IE 7, 8, 9 and 10.” Early analysis suggests the two vulnerabilities work only against machines running IE 8 on XP and IE 9 running on Windows 7.

The research into the attacks is in extremely early stages, so it wouldn’t be surprising for the range of vulnerable systems to be wider once more analysis has been done.     

Leave a Reply