HP researchers find zero-day exploit in IE11 on Windows 8.1

Microsoft has to deal with yet another zero-day exploit found in a version of Internet Explorer. Fortunately, this flaw was found not by hackers but by security researchers and demoed as part of a non-competition portion of the Mobile Pwn2Own hacking contest.

PCWorld reports that researchers Abdul Aziz Hariri and Matt Molinyawe from HP’s Zero-Day Initiative team were able to hack into a Surface Pro tablet via a bug in IE11 running on Windows 8.1. The exploit allowed them to gain remote code execution which, Hariri said, "gave us full control over the whole machine". 

The flaw has already been reported to Microsoft, but there's no word on when a patch might be released. There's currently no evidence that the flaw is being exploited in the wild.

Earlier this week, security patches and other fixes for IE11 were released by Microsoft, which bumped the version number of the browser from 11.0 to 11.0.1.

Another researcher, who uses the handle "Pinkie Pie", found a way to remotely control a Nexus 4 and a Samsung Galaxy S4 through an issue in the current version of Chrome for Android. He was awarded $50,000 for his efforts, which included a $10,000 bonus paid by Google.

Source: PC World | Image via Microsoft


> Microsoft has to deal with yet another zero-day exploit found in a version of Internet Explorer. Fortunately, this flaw was found not by hackers but by security researchers

The fact that security researchers found this exploit doesn't mean that hackers haven't also found it already.

The "fortunate" part, OTOH, is that at least now we know MS is aware of it.

From the article (which I'm sure you never bothered to read since the headline gave you all the info you needed to make an ignorant comment):

"Another researcher, who uses the handle "Pinkie Pie" found a way to remotely control a Nexus 4 and a Samsung Galaxy S4 through an issue in the current version of Chrome for Android."

Or Firefox, or Opera, or Seamonkey, or Palemoon, or Waterfox, or...

"Another researcher, who uses the handle "Pinkie Pie" found a way to remotely control a Nexus 4 and a Samsung Galaxy S4 through an issue in the current version of Chrome for Android. He was awarded $50,000 for his efforts, which included a $10,000 bonus paid by Google."

I liked that line also.

yowanvista said,
I don't get it, isn't code running in IE supposed to be isolated from the whole system with Protected Mode?

It makes it a lot harder.

All the successful exploits I've seen have worked by somehow getting the code to not be running in the sandbox in the first place. For example, by first attacking the zone handler to get a subsequent request to run in the "Trusted zone", which is not under Protected Mode by default, and then a second attack to get control.

yowanvista said,
I don't get it, isn't code running in IE supposed to be isolated from the whole system with Protected Mode?

Yes it is, if the flaw comes from IE.

But if the hacker says he has gained system-level privileges, then I think he has exploited a kernel flaw, such as the font parser flaws which have occurred several times over the last few years.

In this case, the sandbox doesn't even need to be bypassed, because the malicious code runs directly in the kernel.

A similar flaw was used to break the Chrome sandbox on Windows during the last Pwn2Own. And it is that kind of flaw that will make Chrome's sandbox permanently broken on XP once support ends.

HP researchers should first fix their overheating cheap products and try improving other companies' products afterwards.

Good, at least we know it will get fixed quickly. Does anyone know if this affects Windows RT, or if they actually had WinRT devices to hack at Pwn2Own?

winrez said,
Good, at least we know it will get fixed quickly. Does anyone know if this affects Windows RT, or if they actually had WinRT devices to hack at Pwn2Own?

While the flaw itself probably affects Windows RT as well, the exploit code would need to be rewritten to specifically target Windows RT. And then the malware would need to find another flaw to survive a reboot, because at the next reboot Windows RT would only load components signed by Microsoft.

By the way, the Neowin article doesn't mention it, but Safari on iOS and Chrome on Android were hacked as well during the same contest.

So, you're not safer with iOS or Android.
Fortunately these flaws are not exploited in the wild, and shouldn't be in the near future.

However, since Android is never updated on older devices, that means there is yet another Android kernel flaw that won't be fixed (and the Chrome flaw probably affects the stock browser and any WebKit-based browser as well). So updating the Chrome browser will only provide a partial fix, until every OEM provides an Android update to their users... (not going to happen)

I must change career, as a couple of pieces of security research pay off more than several years of labor.