Microsoft has issued a security warning for users of the Internet Explorer browser. A 0-day exploit that allows hackers to hijack vulnerable systems through almost all active versions of the browser. More importantly, researchers say that hackers are aware of the vulnerability and have already been using it to make attacks.
The exploit affects versions 6 through 11 of the Internet Explorer; which collectively make up some 26% of all web browsers used. Microsoft has issued multiple blog posts since the vulnerability, recorded as CVE-2014-1776, was discovered on Friday. Users are advised to download the Microsoft Enhanced Mitigation Experience Toolkit (EMET) as a short term solution to the issue. Disabling VML and Flash is also recommended until a solution to the problem can be provided.
Security group FireEye, published a blog post on the exploit explaining how the exploit works; but declined to release details about the current campaign of malicious attacks using it for fear of triggering copycat attacks. However, FireEye has pointed out that the group behind the 0-day exploit are “extremely proficient at lateral movement and are difficult to track, as they typically do not reuse command and control infrastructure”.
For more information about what to do while waiting for a patch, click here.