Dec 10, 2010 11:52 GMT  ·  By

A Critical zero-day vulnerability affecting all supported versions of Internet Explorer will be patched on December 14th, 2010, as a part of the Microsoft’s monthly patch release cycle.

The 0-day flaw impacting IE6, IE7 and IE8 has been exploited in the wild since November when the first details and proof-of-concept code were also made public.

The security flaw, which involves an invalid flag reference within Internet Explorer, has not received an out-of-band patch from the software giant, although the company monitored the situation closely and confirmed attacks against the vulnerability.

However, Microsoft has always underlined that the attacks were limited and targeted in nature, explaining the move to not rush an update.

“The attack patterns for this vulnerability have been somewhat unusual. The Friday after we began our tracking effort, we saw our first spike in activity, predominantly targeting users in Korea, and secondarily attempting to exploit users in China,” revealed Holly Stewart, MMPC.

“Although attacks in China trended down over subsequent weeks, we continued to see weekend-related spikes in Korea. However, after the second weekend spike, even these attack attempts continued to trend down, revealing a smaller number of attack attempts each coming weekend.”

It appears that attacks are on the rise again, at least on the Chinese market, with the number of exploit attempts slowly climbing back.

The downward trend that Microsoft monitored is indeed unusual, but the company explains that although Critical in nature and theoretically capable of leading to remote code executions, exploits might not have had the impact attackers wished for.

“Although the Microsoft Security Advisory (2458511) lists Windows 7, Windows Vista and Windows Server 20008 as affected operating systems, these platforms include DEP/ASLR mitigations,” Stewart added.

“When you pair those platforms with Internet Explorer 8 and above, DEP/ASLR technologies are enabled by default to protect IE. So, perhaps the attackers have not been reaching the attack surface they had originally hoped and are starting to move on.”

Photo Gallery (2 Images)

IE
IE 0-day
Open gallery