Germany's Federal Office for Information Security – or Das Bundesamt für Sicherheit in der Informationstechnik (BSI) – warns users about the threats posed by the existence of a zero-day vulnerability which affects Internet Explorer (IE).
“The vulnerability is being exploited in targeted attacks. Moreover, the attack code is also freely available on the Internet, and therefore has a fast wide-area utilization. To exploit the vulnerability, it is sufficient to attract Internet users to a malicious web site,” reads a translation of the report.
“When viewed, this website can then be executed with the privileges of the user by exploiting the weakness of arbitrary code on the affected system,” the alert continues.
Considering the fact that a security update hasn’t been made available by Microsoft, BSI representatives advise Internet Explorer customers to utilize other web browsers, at least until the issue is addressed.
Immediately after learning of the existence of the zero-day, Microsoft released an advisory, instructing users to apply a series of workarounds in order to protect themselves.
A few hours ago, the company issued another advisory, promising to launch an “easy-to-use, one-click fix” in the next few days.
Microsoft has highlighted the fact that “an extremely limited number of attacks” have been recorded and that the number of impacted users is low.
In the meantime, experts who have analyzed the threat claim that it’s connected to the Chinese cybercriminal organization that’s behind the Nitro attacks.
As Eric Romang – the researcher who first identified the exploit – highlights, the criminals are not happy that their scheme has been uncovered. The expert reports that the exploit’s components have been removed from the servers where he found them.
To make sure that you’re protected against such attacks, check out the advisory released by Microsoft, keep your antivirus updated at all times, and be careful when visiting shady websites.