When you purchase through links on our site, we may earn an affiliate commission. Here’s how it works.

New Internet Explorer zero-day bug already in use by hackers

While Microsoft plans to fix a number of security issues on Tuesday with new software updates, a security firm claims to have found a new zero-day bug in most versions of Internet Explorer that it says is already being used by hackers.

The FireEye security company reported on the IE bug over the weekend, which it claims affects versions 7, 8, 9, and 10 of the web browser that are used with Windows XP and 7. FireEye claims that there are two separate IE flaws that have been discovered; one of them gives any hackers access to PC memory while the other leaks system information.

FireEye says the attackers who found this zero-day bug in IE have already used it to embed malware code into "a strategically important website, known to draw visitors that are likely interested in national and international security policy," though the security firm did not state which website was infected. The malware that's delivered by the unnamed site only exists in PC memory, which FireEye says makes it "exceptionally accomplished and elusive."

So far, Microsoft has yet to comment on FireEye's report. This bug is different from another security exploit that was found last week to be used in the wild. Microsoft has come up with a solution for that problem but has yet to release a full security patch for the bug.

Source: FireEye via Ars Technica | Image via Microsoft

Report a problem with article
Next Article

Microsoft says Xbox One isn't getting new DRM policies

Previous Article

Google ordered to hand over Street View data or face massive daily fines

Join the conversation!

Login or Sign Up to read and post a comment.

15 Comments - Add comment