Skip to main content

Actively Exploited IE7-IE11 Flaw Allows Drive-By Malware Downloads

Microsoft issued an out-of-band security patch for Internet Explorer versions 7 through 11, which contains a critical security flaw that allows attackers to infect users when they visit certain websites, with no action required from those users (this is also called drive-by downloads).

The zero-day flaw is being actively exploited in the wild right now, which is likely why Microsoft pushed an update for it as soon as it was possible. The company credits Google researcher, Clement Lecigne, for finding the zero-day vulnerability.

In the past, Microsoft wasn't too happy about Google giving it only 90 days to push a patch for one of its security vulnerabilities that was found by researchers part of Project Zero, but the company seems to have responded much more rapidly with a fix this time.

According to Qualys CTO, Wolfgang Kandek, there are multiple mechanisms that attackers can use to deploy malware through this vulnerability, including:

Hosting the exploit on ad networks, which are then used by entirely legitimate websites;Gaining control over legitimate websites, say blogs, by exploiting vulnerabilities in the blogging server software or simply weak credentials;Setting up specific websites for the attack and manipulating search engine results;Send you a link to the site by e-mail or other messaging programs.

After the users are infected, the malware gains the same privilege as the user, showing once again how important it is to stay off Administrator accounts. With the Admin privileges, the attackers can gain full control over the machine and can install even more malware on it, if necessary for their purposes.

Because Microsoft has just disclosed the bug, there's still time for attackers to integrate this vulnerability into their exploitation tools by the time most people update their Windows machines. That's why it's critical that all users update their PCs immediately -- or just use a browser other than Internet Explorer.

Microsoft's new Edge browser in Windows 10 is unaffected by the bug, proving how necessary it was for Microsoft to break-apart from the Internet Explorer legacy and start fresh with a new code-base that's cleaner and more secure.

Enterprises are likely not going to upgrade their users' PCs very soon, but if they use Microsoft's EMET tool, which protects against memory corruption bugs such as this one, they should be safe even when using Internet Explorer. However, this should only be used as a temporary solution, because EMET zero-day flaws may also exist in the wild that could make a bypass easier.

Follow us @tomshardware, on Facebook and on Google+.

Lucian Armasu is a Contributing Writer for Tom's Hardware US. He covers software news and the issues surrounding privacy and security.
  • nukemaster
    This can not be.

    I thought only flash was the only Vulnerability and killing it off would put an edit to all the problems on the internet.

    Every hole they plug will lead hackers to find 2 more.

    All software has holes, it is just a matter of finding them.

    At least it is being taken care of fast.

    Ad blockers are more important than ever.
    Reply
  • shiitaki
    My solutions? Pretty damned obvious. I did not know that adds were free to post, and anyone could use the service anonymously! Oh wait! I'm pretty certain that is NOT the case. Google and Yahoo have both been serving up malware adds. The team Zero day is doing a great job of finding problems, the sales team on the other hand is quite literally destroying their business model. As the other poster mentions, a good ad blocker may be the most important security measure. Google and Yahoo are literally blowing holes in their own business model. What is the solution? Google and Yahoo can start cancelling the accounts of companies posting Malware. They can start inspecting adds like they inspect everyone's emails!

    Seriously! This is ridiculously obvious that the add companies are responsible for the content they host. Apparently it is completely legal to hack peoples computers, and write as well as distribute malware. Because all you have to do is follow the money, you morons! Get off your ass and save your business! If you need helping connecting the dots, those guys in the Zero day department seem to be competent.

    Now if you'll excuse me, I have to go find a good adblocker, and do my part in putting a crimp in Google, Yahoo, and all of the other add companies face rolling on this.
    Reply
  • willgart
    what??? Google is responsible for this exploit??? because this is going through ADs... so its Google fault. no ads no problem.
    and why they create ads which are more than a single image?
    I still dont understand these scripts everywhere while a simple image do the job.

    Send the image to Google, so no redirect to any 3rd party site, first point and a validation can be applied by Google before accepting the ADs...
    Reply
  • nukemaster
    16489406 said:
    Send the image to Google, so no redirect to any 3rd party site, first point and a validation can be applied by Google before accepting the ADs...
    One can dream.

    Google is not alone and all advertisers seem to do it that way.

    This is how it was done in the old days(just a small banner that did not try to pretend to be part of the site).
    Reply
  • johntheawe
    LOL. I and EVERYONE that I know (I reside in hacking/pentesting communities) KNEW this would happen. It is a cold hard fact that some 0-day exploits would be released for it. And I already know how many are running around for windows 10 and microsoft edge.
    Reply
  • Iamsoda
    Its sad and I try to play it ethical with having adds (content isn't free), but at the same time its hard to risk not having add block on. I normally keep it disabled on a few favorite/trusted sites.
    Reply
  • JerryCaldwell
    Any Ad Blocker recommendations? It seems like a minefield out there trying to Down-load good tools.
    Reply
  • Clayman1000x
    Good thing I don't use IE or Windows.
    Reply
  • Iamsoda
    16537273 said:
    Any Ad Blocker recommendations? It seems like a minefield out there trying to Down-load good tools.

    I use this https://adblockplus.org/releases/adblock-plus-12-for-internet-explorer-released
    Reply