IE Zero-Day Flaw Affecting IE Version 7 through 10 in the Wild

Rod Trent

November 11, 2013


While Microsoft is still working to patch the recently reported zero-day vulnerability targeting Microsoft Windows and Office products, another critical flaw has emerged. The new security threat affects Internet Explorer versions 7 through 10.

Over the weekend, FireEye, a security platform provider, published a report on its blog that digs into the details of the new vulnerability.

FireEye reports:

This payload has been identified as a variant of Trojan.APT.9002 (aka Hydraq/McRAT variant) and runs in memory only. It does not write itself to disk, leaving little to no artifacts that can be used to identify infected endpoints.

Microsoft has not yet officially publicized the newly reported vulnerability. In the meantime, attacks can be blocked by installing the latest version of Microsoft's Enhanced Mitigation Experience Toolkit (EMET).

Be ready and read through FireEye's full explanation about the latest active attacks:

Operation Ephemeral Hydra: IE Zero-Day Linked to DeputyDog Uses Diskless Method

UPDATE

Microsoft has now stated publicly that it is aware of this vulnerability and has already prepared a fix as part of “Bulletin 3”, which will be released as MS13-090, as listed in the November Advance Notification Service (ANS). The update will be available to roll out on November 12, 2013.

Read the full statement: ActiveX Control issue being addressed in Update Tuesday
