New zero-day Internet Explorer exploit uncovered

Share this article:

Microsoft has issued a new security advisory, warning about potential attacks against a newly uncovered vulnerability in Internet Explorer.

In a blog posting on Microsoft's Security Response Center website, Bill Sisk said that “At this time, we are aware of limited attacks attempting to use the reported vulnerability, but we will continue to track this issue.”

The attacks affect customers using Internet Explorer 7 on Windows XP Service Pack 2, Windows XP Service Pack 3, Windows Server 2003 Service Pack 1, Windows Server 2003 Service Pack 2, Windows Vista, Windows Vista Service Pack 1, and Windows Server 2008.

The security updates Microsoft issued Tuesday apparently do not provide protection against the vulnerability, according to JM Hipolito, Trend Micro technical communications spokesman in a blog posting on the company's web site.

According to the Trend Micro posting, “After a successful exploit, [the malware] triggers a series of redirections to multiple URLs, then finally connects to one of several different domains.”

Once a user lands on a site to which they were redirected, javascript code executes and if successful, downloads a binary that steals credentials related to online games.

The SANS Internet Storm Center (ISC) has posted additional information on the problem issue in its Daily Incident Handler's blog.

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

More in News

Reported breaches involving zero-day bug at JPMorgan Chase, other banks

Reported breaches involving zero-day bug at JPMorgan Chase, ...

Hackers exploited a zero-day vulnerability and gained access to sensitive information from JPMorgan Chase and at least four other financial institutions, reports indicate.

Data on 97K Bugzilla users posted online for about three months

During a migration of the testing server for test builds of Bugzilla software, data on about 97,000 Bugzilla users was inadvertently posted publicly online.

Chinese national had access to data on 5M Arizona drivers, possible breach ...

Although Lizhong Fan left the U.S. in 2007, the agencies responsible for giving him access to Americans' personal information have yet to disclose the details of the case to the public.