14 DAY TRIAL // The Internet Storm Center has announced that more attacks attempting to exploit an unpatched security flaw in Microsoft’s Internet Explorer are being spotted, as Redmond is still working on a fix.
ISC recommended users to deploy Microsoft’s FixIt solution until a patch comes out, as all Internet Explorer could be vulnerable to attacks.
“The Internet Storm Center is beginning to see increased evidence of exploits in the wild regarding Microsoft Security Advisory 2887505. Accordingly, we're moving the InfoCon up to Yellow,” a notification rolled out recently reads.
Microsoft rolled out security advisory 2887505 on September 17 to warn about a zero-day Internet Explorer flaw that seems to be aimed at version 8 and 9 of its browsers. Still, the company claims that absolutely all IE versions could be affected, including the aging IE6 and the new 11.
“The vulnerability is a remote code execution vulnerability. The vulnerability exists in the way that Internet Explorer accesses an object in memory that has been deleted or has not been properly allocated,” Microsoft explained.
“The vulnerability may corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user within Internet Explorer. An attacker could host a specially crafted website that is designed to exploit this vulnerability through Internet Explorer and then convince a user to view the website.”
Security company FireEye claims that attacks supposed to take advantage of this flaw have been recorded since August 19 and most of them were aimed at Japanese computers. Codenamed Operation DeputyDog, the new wave of attacks was supposedly launched by the same group of hackers that attacked Bit9 in February and managed to compromise a number of certificates.
The company has only released a FixIt tool to help users stay on the safe side, claiming that a full patch is being developed as we speak.