A newly discovered vulnerability in Microsoft Internet Explorer versions 6 to 11 was publicly acknowledged by Microsoft on April 26th, 2014. This is a ‘zero-day’ vulnerability, that is, one that was previously unknown. Threat actors are currently exploiting it to bypass protection mechanisms used by Microsoft Windows and conduct advanced persistent threat (APT) style attacks.
The vulnerability allows an attacker to download code to a victim’s computer without their knowledge. This code allows the attacker to create a back door to a computer from which numerous exploits can be launched to obtain access to sensitive information, install software to remotely control the system and perform data exfiltration, or propagate an attack from a victim’s machine to others (botnet).
The vulnerability exists due to a flaw in how Internet Explorer accesses system memory. PwC is aware of at least one published ‘zero-day’ exploit that uses malicious Adobe Flash files to successfully attack systems. There may be other unpublished exploits.
Attackers could leverage this vulnerability to introduce customized malware, rootkits or other APT tooling to conduct targeted attacks on systems, with little or no chance of the user noticing (‘drive-by’ scenarios). A likely method of attack would require users to visit an attacker-hosted website with malicious content. Typically, this would be achieved by exploiting a lack of information security awareness: attackers would use social engineering techniques, such as sending unsolicited e-mails or instant messages, to try to convince users to click on malicious links or open attachments.
Internet Explorer on both desktop and server versions of Windows is vulnerable. However, in the out-of-the-box default configuration on Windows server versions, Internet Explorer runs in a special secure environment known as ‘Enhanced Security Configuration’, which defends against this issue.
For a deeper conversation, contact Salim Hasham, Partner, National Cyber Resilience Leader.
PwC’s Cyber Resilience practice
Our Cyber Resilience practice helps you envision a security strategy that aligns with your corporate goals by understanding and quantifying your risk environment. We transform your processes and tools to provide your business with the necessary technology tools to reach new markets, suppliers and partners while addressing continually changing customer demands. We work with you to protect what’s important by putting in place the right people and processes so that you’ll know where your critical information is and how to safeguard it. We help you respond quickly and efficiently should an urgent need arise.