Security Protection – Harry Waldron MVP Rotating Header Image

Internet Explorer Zero Day – CVE-2014-1776 exploit used in targeted attack

 

Several links found in research are noted below which describe this new vulnerability and limited attacks circulating in wild:

http://securitywatch.pcmag.com/hacking/323081-xp-users-permanently-vulnerable-to-new-internet-explorer-exploit

http://blog.trendmicro.com/trendlabs-security-intelligence/internet-explorer-zero-day-hits-all-versions-in-use/

https://isc.sans.edu/forums/diary/IE+Zero+Day+Advisory+from+Microsoft/18035

https://technet.microsoft.com/en-US/library/security/2963983

http://www.fireeye.com/blog/uncategorized/2014/04/new-zero-day-exploit-targeting-internet-explorer-versions-9-through-11-identified-in-targeted-attacks.html

http://www.symantec.com/connect/blogs/zero-day-internet-vulnerability-let-loose-wild

http://blogs.mcafee.com/mcafee-labs/product-coverage-mitigation-cve-2014-1776-microsoft-internet-explorer

QUOTE: Don’t say we didn’t warn you. Microsoft ended support for Windows XP earlier this month, meaning any new security holes won’t be patched. Well, they’ve found one, and it’s a doozy. Affecting Internet Explorer versions from 6.0 through 11, this bug lets the bad guys execute arbitrary code on your system. As soon as you visit a gimmicked website, you’re pwned. Other Windows versions will get patched, but not XP.  You may remember that Windows XP never advanced beyond IE8. Researchers at FireEye say the attacks they’ve seen are targeting IE9 and later, but that doesn’t mean earlier versions couldn’t be hit.

Comments are closed.