Internet Explorer is pre-installed on every Windows PC, even though it’s been superseded by Microsoft’s new Edge browser in terms of long-term support. The reason is simple: Many organizations use the archaic browser for legacy applications, and so Microsoft has had to keep it around but isn’t spending a great deal of time on improving it. Unfortunately, according to one security firm, Internet Explorer has a serious flaw that’s leaving it open to malware attacks.
ZDNet reports on the zero-day bug, which is coming from Chinese antivirus software company Qihoo 360 Core. The company’s security research team claim that the bug uses a Microsoft Office document that has a vulnerability installed that opens a web page that downloads a piece of malware. According to the researchers, the malware exploits a user account control (UAC) bypass attack, and it also utilizes file steganography, which is the technology of embedding a message, image, or file within another message, image, or file.
Qihoo 360 also reported on the bug via Twitter:
We uncovered an IE 0day vulnerability has been embedded in malicious MS Office document, targeting limited users by a known APT actor.Details reported to MSRC @msftsecresponse
— 360 Threat Intelligence Center (@360CoreSec) April 20, 2018
Microsoft responded to ZDNet’s request for comment with the following rather generic statement:
“Windows has a customer commitment to investigate reported security issues, and proactively update impacted devices as soon as possible. We recommend customers use Windows 10 and the Microsoft Edge browser for the best protection. Our standard policy is to provide remediation via our current Update Tuesday schedule.”
The following image shows a basic flowchart of how the bug is executed on an affected system. Beyond this, there is not a great deal of information on the flaw and little else to go on in determining just how infected systems are impacted. Until Microsoft fixes the bug, of course, it will remain an issue for Windows users.
Apparently, the attack is being conducted globally by an “advanced persistent threat (APT) group.” That implies a group of hackers with some capabilities that can conduct such a sophisticated attack. Unfortunately, there is not much users can do at this point except follow the usual security advice: Keep your systems and software updated, make sure you’re using sufficient malware protection, and don’t open any files unless you’re absolutely certain that it’s from a trusted source and that it was sent on purpose.
