Microsoft may have released new Internet Explorer security patches earlier this week, but now the company has confirmed that a new zero-day exploit in IE10 has been found and is apparently being used by an unknown group to target members of the U.S. military.
The flaw was found by the security firm FireEye, which it says was used by the mystery hackers to compromise the website of the U.S. Veterans of Foreign Wars. The firm states:
We believe the attack is a strategic Web compromise targeting American military personnel amid a paralyzing snowstorm at the U.S. Capitol in the days leading up to the Presidents Day holiday weekend.
Visitors to the site with IE10 loaded another page created by the group in the background, which runs a Flash-based object that completes the rest of the attack. This issue is just with IE10; users who upgrade to the current IE11 browser are not affected by this exploit.
In a statement sent to Computerworld, Microsoft says it is aware of the IE10 zero-day issue and added, "We are investigating and we will take appropriate actions to help protect customers." IE10 currently has 9.28 percent of the worldwide web browser market share, according to Net Applications, but its percentage has gone down rapidly in the past few months since the launch of IE11.
Source: FireEye via Computerworld | Image via U.S. Veterans of Foreign Wars