Windows, Internet Explorer Vulnerable to Zero-Day Exploit

/ Source: SecurityNewsDaily

Story updated at 4 p.m. ET Tuesday with news that German government was advising citizens to stop using Internet Explorer.

A new zero-day exploit of Internet Explorer versions 6, 7, 8 and 9 puts users at risk of an attack that could result in the remote control of their computers.

In a blog post, Alien Vault researcher Jamie Blasco explained that even fully patched versions of Windows 7, Vista and XP running the latest versions of Internet Explorer 6, 7, 8 and 9 are vulnerable to a booby-trapped website that installs a backdoor Trojan called Poison Ivy.

The exploit works by bypassing a malware detector  and is especially notable for its functionality across several versions of Microsoft's operating system and Web browser. "This is one of the few times that a vulnerability has been successfully exploited across all the production shipping versions of the browser and OS," HD Moore, chief security officer of computer security company Rapid7, told Ars Technica yesterday.

IT security adviser and blogger Eric Romang, who over the weekend was the first to write about the exploit, said potential victims have to be running Adobe Flash Player to become infected.

According to Ars, the 34 most popular antivirus programs barely detected the malicious files or did not detect them at all.

This latest zero-day attack ―the immediate exploit of a newly discovered flaw ―appears to be coming from Chinese government-backed hackers who used a zero-day exploit in Java just last month. The hackers are thought to be the biggest finders and users of zero-day exploits.

Microsoft issued a security advisory today (Sept. 18) and hinted that a patch may be on its way ahead of schedule. As a rule, Microsoft pushes out security patches only on the first Tuesday of each month.

Microsoft has recommended several ways to mitigate the risk, but the simplest workaround is not to use Internet Explorer.

Even when the user is avoiding Internet Explorer, however, Moore warned that plug-ins, apps and other third-party programs that work in tandem with Internet Explorer could be affected. Ars pointed out that others on unsecured networks could use the exploit to throw malware onto your PC.

Internet Explorer 10 is not affected by this issue.

UPDATE: After reviewing the newly revealed security flaw, Germany's Bundesamt für Sicherheit in der Informationstechnik, or Federal Office of IT Security, advised German citizens to stop using Internet Explorer until the flaw was patched, according to Reuters.