Internet Explorer Users Risk Having Their Computers Taken Over

A major security flaw affecting several versions of Microsoft’s Internet Explorer web browser was discovered over the weekend, and the percentage of computer users that could be compromised by the exploit is absolutely staggering.

Bill Gates’ Microsoft Corp. announced on Saturday that Internet Explorer versions 6 through 11 are all vulnerable to a glitch that, when properly exploited, can give hackers remote access to a victim’s computer.

When combined, versions nine through 11 of the browser accounted for 26.25 percent of all web traffic in 2013, security firm FireEye claimed over the weekend. If all vulnerable versions are accounted for, however, then upwards of 56% of the browsers currently in use around the world are reportedly in danger of being exploited.

A person with knowledge of the vulnerability may create a fake website that, when visited, allows the hacker to exploit the bug and break into their target’s machine, Microsoft warned.

"An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change or delete data; or create new accounts with full user rights," the company advised.

According to FireEye spokesman Vitor De Souza, hackers had already taken advantage of the exploit by targeting unnamed US-based firms that are tied to the defense and financial sectors.

"It's unclear what the motives of this attack group are, at this point," De Souza told Reuters on Sunday. "It appears to be broad-spectrum intel gathering."

On the official FireEye blog, security experts said that the hacking campaign has been dubbed “Operation Clandestine Fox,” and is consistent with other attacks linked to an advanced persistent threat group that has previously attracted the attention of investigators.

The unknown APT group has had access to "a select number of browser-based 0-day exploits in the past," FireEye stated, but declined to publish further details.

Microsoft was unable to patch the vulnerability by the time the weekend was over, and the United States government’s Computer Emergency Readiness Team (CERT) has issued an alert for computer users to “consider employing an alternative web browser.”

"We are currently unaware of a practical solution to this problem," Carnegie Mellon's Software Engineering Institute warned in an advisory of its own.

Additionally, news of the vulnerability surfaced only weeks after Microsoft officially stopped offering security patches for its highly popular XP operating system.

"XP users are not safe anymore and this is the first vulnerability that will be not patched for their system," Symantec researcher Christian Tripputi warned.