Click here to load reader
Upload
yusuph-kileo
View
212
Download
0
Embed Size (px)
Citation preview
1
Internet Explorer users risk
having their computers taken
over
A major security flaw affecting several
versions of Microsoft’s Internet Explorer
web browser was discovered over the
weekend, and the percentage of computer
users that could be compromised by the
exploit is absolutely staggering.
Bill Gates’ Microsoft Corp. announced on
Saturday that Internet Explorer versions 6
through 11 are all vulnerable to a glitch that
when properly exploited can give hackers
remote access to a victim’s computer.
When combined, versions nine through 11
of the browser accounted for 26.25 percent
of all web traffic in 2013, security
firm FireEye claimed over the weekend. If
all vulnerable versions are accounted for,
however, then upwards of 56% of the
browsers currently in use around the world
are reportedly in danger of being exploited.
A person with knowledge of the
vulnerability may create a fake website that,
when visited, allows the hacker to exploit
the bug and break into their target’s
machine, Microsoft warned.
"An attacker who successfully exploited this
vulnerability could take complete control of
an affected system. An attacker could then
install programs; view, change or delete
data; or create new accounts with full user
rights," the company advised.
According to FireEye spokesman Vitor De
Souza, hackers had already taken advantage
of the exploit by targeting unnamed US-
based firms that are tied to the defense and
financial sectors.
"It's unclear what the motives of this attack
group are, at this point,” De Souza told
Reuters on Sunday. "It appears to be broad-
spectrum intel gathering."
On the official FireEye blog, security
experts said that the hacking campaign has
been dubbed “Operation Clandestine Fox,”
and is consistent with other attacks linked to
an advanced persistent threat group that has
previously attracted the attention of
investigators.
The unknown APT group has had access to
"a select number of browser-based 0-day
exploits in the past,” FireEye stated, but
declined to publish further details.
Microsoft was unable to patch the
vulnerability by the time the weekend was
over, and the United States government’s
Computer Emergency Readiness Team
(CERT) has issued an alert for computer
2
users to “consider employing an alternative
web browser.”
"We are currently unaware of a practical
solution to this problem," Carnegie Mellon's
Software Engineering Institute warned in an
advisory of its own.
Additionally, news of the vulnerability
surfaced only weeks after Microsoft
officially retired from offering security
patches to its highly popular XP operating
system.
"XP users are not safe anymore and this is
the first vulnerability that will be not
patched for their system, “Symantec
researcher Christian Tripputi warned.