Microsoft scrambles to fix IE bug

Estimated 55% of machines at risk worldwide; XP users will not receive fix

Microsoft said the flaw could allow a malicious party to gain admin rights on an affected machine.
By Stephen McBride. Published April 28, 2014

Microsoft is working on a patch for a vulnerability in Internet Explorer found over the weekend by security specialist FireEye Inc.

According to a post on Microsoft's security website, the flaw is present in versions 6 to 11 of IE, which together account for 55% of the world's PC-based browsers, based on figures from NetMarketShare. Through the vulnerability, malicious actors could gain admin rights to a machine, giving them full read-write control of system data.

FireEye said the bug was already being exploited by experienced hackers in a project called "Operation Clandestine Fox".

"It's a campaign of targeted attacks seemingly against US-based firms, currently tied to defence and financial sectors," FireEye spokesman Vitor De Souza said in an emailed statement. "It's unclear what the motives of this attack group are, at this point. It appears to be broad-spectrum intel gathering."

Cyber security experts raised concerns about other hacking groups exploiting the flaw before Microsoft had released a fix.

"Microsoft should move fast," said Aviv Raff, chief technology officer of Seculert. "This will snowball."

Even after Microsoft deploys a patch for the IE problem, a large number of PCs will remain vulnerable. The fix will not be rolled out to the 15 to 20% of machines worldwide still running Windows XP after Redmond discontinued support for the legacy platform. Those users will have a choice of either upgrading to Windows 7 or 8 (which in a great many cases will involve fresh hardware), or switching to a different browser.
