Internet Explorer 8 Flaw Used to Hack Nuclear Weapons Researchers

Microsoft urges everyone to upgrade to a newer version of the browser

  IE8 is the only affected version of the browser
A security flaw found in Internet Explorer 8, the world's most popular browser according to recent stats, has been used to launch attacks aimed at US nuclear weapon scientists.

A security flaw found in Internet Explorer 8, the world's most popular browser according to recent stats, has been used to launch attacks aimed at US nuclear weapon scientists.

A report published by ZDNet and citing several security firms across the world reveals that a recently-discovered security flaw in Microsoft's browser allowed hackers to launch a number of watering hole attempts in an effort to exploit US government computers.

Systems belonging to the US Department of Labor and the US Department of Energy have been hit recently, the report states, but it's not yet clear whether hackers managed to access any secret files or not.

As far as the attackers go, some sources claim that Chinese hackers are behind this new exploit, even though no specifics have been provided.

Microsoft has already confirmed the flaw, saying that it's indeed “aware” of several attacks, but the company remained tight-lipped on the damage that may have been caused by the vulnerability.

“Microsoft is investigating public reports of a vulnerability in Internet Explorer 8. Microsoft is aware of attacks that attempt to exploit this vulnerability,” the company explained.

Internet Explorer 8 is the only version of the browser that's affected, but it seems like all Windows editions are vulnerable to attacks, so users are again recommended to update to a newer release, as both IE9 and IE10 are on the safe side.

“This is a remote code execution vulnerability. The vulnerability exists in the way that Internet Explorer accesses an object in memory that has been deleted or has not been properly allocated. The vulnerability may corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user within Internet Explorer,” Microsoft added.

“An attacker could host a specially crafted website that is designed to exploit this vulnerability through Internet Explorer and then convince a user to view the website.”

Comments