New Internet Explorer zero-day exploit sneaks malware into PCs

by Milan Stanojevic
Milan Stanojevic
Milan Stanojevic
Windows & Software Expert
Milan has been enthusiastic about PCs ever since his childhood days, and this led him to take interest in all PC-related technologies. Before joining WindowsReport, he worked as... read more
Affiliate Disclosure
internet explorer zero day exploit

A Chinese cybersecurity firm has discovered a zero-day vulnerability in Microsoft’s Internet Explorer, which they say is already being used by cyber criminals to infect machines. Qihoo 360, the company that released the shocking discovery, revealed in its report that the bug, dubbed ‘double kill’ due to the fact that it targets both Internet Explorer and any apps using the IE kernel, is currently in use by an advanced persistent threat often known to be sponsored by a government.

Internet Explorer comes pre-installed on each Windows computer, despite it being overtaken by the new Microsoft Edge browser, but because many organizations still use Internet Explorer, Microsoft decided to let it stay though the firm doesn’t give it as much focus in terms of improving the browser as it does with Edge.

There is a  new, serious flaw now leaves IE open to malware attacks, as the bug uses a Microsoft Office document with a pre-installed vulnerability, which opens a web page that then downloads a piece of malware. Researchers say the malware takes advantage of a UAC (User Account Control) bypass while using embedding technology, such that a message, image or file can be embedded within another message, image or file.

Although the news about the bug has spread widely, Microsoft is yet to issue a response with regards to the vulnerability, and so far, a patch is not yet available for it. However, users of Internet Explorer are cautioned against opening any Office attachments from sources unknown to them, because the bug requires that the ‘victim’ opens a malicious Microsoft Office document that has a link to a website which delivers the malware payload.

According to Qihoo 360, once infected, attackers can install backdoor Trojans or gain total control over the machine. Qihoo 360’s report doesn’t mention what the actual zero-day vulnerability is, and how the software is delivered, neither does it reveal the APT actor or government sponsors that may be behind the attack. What the report does mention, however, is the sequence with which the attack functions, and the firm has requested for an urgent release of a patch, though this is left at Microsoft’s discretion for now.

To stay protected from the zero-day exploit, here are some tips to avoid infection:

  • Don’t open attachments from unfamiliar sources
  • Insist that your team or other acquaintances share documents via cloud services such as OneDrive or Google Cloud
  • Ensure all antivirus and security software on your machines are updated
  • Don’t use Internet Explorer, instead, use Microsoft Edge browser which is more secure
  • Make sure your systems are all updated with the latest security patches, as outdated machines are more vulnerable to attack.

You can secure 100% of all your internet access with a good VPN. We recommend CyberGhost, trusted by 15milion users over the world for the enhanced protection of browsing experience.
Download now CyberGhost (currently 77% off).

Currently, it seems all Internet Explorer versions are vulnerable to this and other attacks, regardless of the version of Windows operating system being used, which means documents opened with any version of Office will trigger the vulnerability thus an attack. This extends to Windows 10 and Office 2016 as well, which are said to be vulnerable.

Microsoft is expected to release a new batch of security updates in the first weeks of May 2018, on Patch Tuesday, but, this is dependent on how many attacks this new flaw will come with, meaning a quick fix could be released before then.