June 12, 2014 by Vasilis Papanikolaou
A new Internet Explorer zero-day vulnerability was recently discovered by FireEye. The affected versions are IE 6 through IE 11, and according to Microsoft the vulnerability has already been leveraged against a limited number of users. This flaw was named “Operation Clandestine Fox” by FireEye. It is a remote code execution vulnerability caused by the way Internet Explorer accesses an object in memory that has been deleted or has not been correctly allocated. This can corrupt memory in a way that allows attackers to run arbitrary code. The flaw can be exploited through a social engineering attack, for example by convincing a user to visit a specially crafted website made to exploit it.
For now, Microsoft has not released a fix. Until one is available, users can protect themselves by simply using a different browser. Users who insist on using Internet Explorer can follow one of the most well-known security rules: “Do not click on suspicious links.” Finally, they can also download Microsoft’s Enhanced Mitigation Experience Toolkit, which hardens Internet Explorer’s security and makes this vulnerability harder to exploit, although it cannot completely stop a potential exploitation.