Skip to main content

Internet Explorer has a zero-day bug that Microsoft needs to fix

Internet Explorer is pre-installed on every Windows PC, even though it’s been superseded by Microsoft’s new Edge browser in terms of long-term support. The reason is simple: Many organizations use the archaic browser for legacy applications, and so Microsoft has had to keep it around but isn’t spending a great deal of time on improving it. Unfortunately, according to one security firm, Internet Explorer has a serious flaw that’s leaving it open to malware attacks.

ZDNet reports on the zero-day bug, which is coming from Chinese antivirus software company Qihoo 360 Core. The company’s security research team claim that the bug uses a Microsoft Office document that has a vulnerability installed that opens a web page that downloads a piece of malware. According to the researchers, the malware exploits a user account control (UAC) bypass attack, and it also utilizes file steganography, which is the technology of embedding a message, image, or file within another message, image, or file.

Qihoo 360 also reported on the bug via Twitter:

Recommended Videos

We uncovered an IE 0day vulnerability has been embedded in malicious MS Office document, targeting limited users by a known APT actor.Details reported to MSRC @msftsecresponse

— 360 Threat Intelligence Center (@360CoreSec) April 20, 2018

Please enable Javascript to view this content

Microsoft responded to ZDNet’s request for comment with the following rather generic statement:

“Windows has a customer commitment to investigate reported security issues, and proactively update impacted devices as soon as possible. We recommend customers use Windows 10 and the Microsoft Edge browser for the best protection. Our standard policy is to provide remediation via our current Update Tuesday schedule.”

The following image shows a basic flowchart of how the bug is executed on an affected system. Beyond this, there is not a great deal of information on the flaw and little else to go on in determining just how infected systems are impacted. Until Microsoft fixes the bug, of course, it will remain an issue for Windows users.

Qihoo 360

Apparently, the attack is being conducted globally by an “advanced persistent threat (APT) group.” That implies a group of hackers with some capabilities that can conduct such a sophisticated attack. Unfortunately, there is not much users can do at this point except follow the usual security advice: Keep your systems and software updated, make sure you’re using sufficient malware protection, and don’t open any files unless you’re absolutely certain that it’s from a trusted source and that it was sent on purpose.

Mark Coppock
Mark Coppock is a Freelance Writer at Digital Trends covering primarily laptop and other computing technologies. He has…
Microsoft finally, officially pulls the plug on Internet Explorer
An Internet Explorer desktop icon.

Happy Valentine's Day -- Internet Explorer is now dead. After announcing it would phase out the legacy browser last year, Microsoft announced that it permanently disabled Internet Explorer 11 on consumer versions of Windows 10.

The browser was available on Windows 10 previously, despite Microsoft noting that it was "retired" and "out of support." Windows 11 never shipped with Internet Explorer, with Microsoft moving to its new Edge browser.

Read more
Microsoft warns that relying on Internet Explorer may cause disruptions
windows 10 june update will kill internet explorer for good poznan  pol may 1 2021 laptop computer displaying logo

Microsoft has announced it will continue end-of-life updates in 2023 for its former browser, Internet Explorer, for older Windows versions.

Despite having ceased IE support on the current Windows 11 operating system version on June 15, Microsoft still allowed the legacy browser to function on many older versions, including Windows 10 Home, Pro, Enterprise, Edu, and IoT.

Read more
Is Microsoft’s new PC cleaner just an Edge ad in disguise?
The new PC Manager app on a Windows 11 desktop

Microsoft really wants you to use the Edge browser, so much so that the company has tied it to PC optimization in a new settings app. Microsoft PC Manager does what you could always do by opening the settings menu, but the new app also prompts you to set Edge as your default browser.

Screenshots of the new app were posted on Twitter by @ALumia_Italia and appears to show what is a public beta of the app. The app performs basic maintenance functions. You can check startup apps, check for updates, run disk cleanup, and other minor optimizations.

Read more