FireEye researchers spotted a new zero-day in the wild, with all versions of IE vulnerable, but with IE 9-11 being targeted for 'Operation Clandestine Fox.'

“Microsoft is aware of limited, targeted attacks that attempt to exploit a vulnerability in Internet Explorer 6, Internet Explorer 7, Internet Explorer 8, Internet Explorer 9, Internet Explorer 10, and Internet Explorer 11,” states a security advisory for CVE-2014-1776 that Microsoft released late on Saturday.

FireEye Research Labs identified this new zero-day that is actively being exploited in an ongoing campaign dubbed “Operation Clandestine Fox.” The zero-day is “significant” since the vulnerable versions of Internet Explorer “represent about a quarter of the total browser market.” More specifically, FireEye said the “vulnerability affects IE 6 through IE 11, but the attack is targeting IE 9 through IE 11. This zero-day bypasses both ASLR and DEP.”

Microsoft said:

The vulnerability is a remote code execution vulnerability. The vulnerability exists in the way that Internet Explorer accesses an object in memory that has been deleted or has not been properly allocated. The vulnerability may corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user within Internet Explorer. An attacker could host a specially crafted website that is designed to exploit this vulnerability through Internet Explorer and then convince a user to view the website.

FireEye said, “The APT group responsible for this exploit has been the first group to have access to a select number of browser-based 0-day exploits (e.g. IE, Firefox, and Flash) in the past. They are extremely proficient at lateral movement and are difficult to track, as they typically do not reuse command and control infrastructure.” Although the researchers’ investigation is still ongoing, they explained some exploitation details, as the “exploit leverages a previously unknown use-after-free vulnerability, and uses a well-known Flash exploitation technique to achieve arbitrary memory access and bypass Windows’ ASLR and DEP protections.”

During a BSides presentation in February, a Bromium Labs’ security researcher bypassed “all of the protections” in Microsoft’s free Enhanced Mitigation Experience Toolkit (EMET) 4.1. Shortly thereafter, Microsoft released a tech preview of EMET version 5. However, FireEye researchers are recommending EMET as mitigation for the current zero-day exploiting IE.

Using EMET may break the exploit in your environment and prevent it from successfully controlling your computer. EMET versions 4.1 and 5.0 break (and/or detect) the exploit in our tests. Enhanced Protected Mode in IE breaks the exploit in our tests. EPM was introduced in IE10. Additionally, the attack will not work without Adobe Flash. Disabling the Flash plugin within IE will prevent the exploit from functioning.

Microsoft is currently investigating and working on a fix, but here we venture into a zero-day being exploited in the wild after security patches for XP have come to an end. However, XP was stuck on IE 8, which is vulnerable but not currently being targeted for “Operation Clandestine Fox.”
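A defender-side audit of the three mitigations named above (EMET, IE Enhanced Protected Mode, and the Flash plugin in IE), written here as an added example and not taken from the article or from FireEye. The registry paths for the EPM setting, the Flash ActiveX CLSID kill-bit convention and the EMET service name are assumptions noted in the comments; verify them against your Windows and IE builds.

```powershell
# Added example: report whether the mitigations FireEye listed for the IE zero-day
# are in place on this host. Read-only; it changes nothing.

function Get-ClandestineFoxMitigationStatus {
    $result = [ordered]@{}

    # 1. Enhanced Protected Mode (IE10+). Assumed: enabled when the 'Isolation' value
    #    under the per-user or policy IE 'Main' key is 'PMIL'; policy wins if present.
    $epmUser   = (Get-ItemProperty 'HKCU:\Software\Microsoft\Internet Explorer\Main' `
                    -ErrorAction SilentlyContinue).Isolation
    $epmPolicy = (Get-ItemProperty 'HKLM:\SOFTWARE\Policies\Microsoft\Internet Explorer\Main' `
                    -ErrorAction SilentlyContinue).Isolation
    $result['EnhancedProtectedMode'] = (($epmPolicy -eq 'PMIL') -or ($epmUser -eq 'PMIL'))

    # 2. Flash plugin blocked in IE: kill bit (Compatibility Flags 0x400) on the
    #    Shockwave Flash ActiveX CLSID (assumed to be the control IE loads for Flash).
    $flashClsid = '{D27CDB6E-AE6D-11cf-96B8-444553540000}'
    $killBitKey = "HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\$flashClsid"
    $flags = (Get-ItemProperty $killBitKey -ErrorAction SilentlyContinue).'Compatibility Flags'
    $result['FlashKillBitSet'] = [bool]($flags -band 0x400)

    # 3. EMET present: look for its Windows service (service name is an assumption).
    $result['EmetServicePresent'] = [bool](Get-Service -Name 'EMET_Service' `
                                             -ErrorAction SilentlyContinue)

    [pscustomobject]$result
}

$status = Get-ClandestineFoxMitigationStatus
$status | Format-List
if (-not ($status.EnhancedProtectedMode -or $status.FlashKillBitSet -or $status.EmetServicePresent)) {
    Write-Warning 'None of the mitigations FireEye listed is in place on this host.'
}
```

Run it in an elevated PowerShell session so the HKLM keys are readable; a host showing all three as False still relies entirely on Microsoft's pending fix.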