Chinese cyber-security company Qihoo 360 says it has discovered that an ‘advanced persistent threat (APT)’ is using a zero-day vulnerability in the Internet Explorer kernel code to infect ‘targeted’ victims with malware. The company described the vulnerability as a ‘double kill’ bug, and said that it affects the latest version of Internet Explorer and any other application that uses the IE kernel.
The vulnerability has apparently been exploited already via Office documents sent to selected targets. “After the target opens the document, all exploit code and malicious payloads are loaded from a remote server,” said the researchers, who posted their findings on the Chinese social media site Weibo.
It’s worth noting here that the term APT is often used by cyber-security experts to describe state-backed cyber-espionage teams, although it isn’t clear right now if that’s the case here. Qihoo 360 says that it is not detailing everything about the bug because it has just reported it to Microsoft and, in line with standard industry practice, is giving the Redmond company the requisite time to patch it.
Meanwhile, this is hardly the only major security problem that Microsoft is having to deal with right now. Only last week, Google’s Project Zero (GPZ) researchers detailed a Windows 10 exploit that can potentially allow users to run arbitrary code to jailbreak what is essentially a locked-down operating system. There appears to be no remote exploit for the flaw right now, which means potential hackers will need physical access to the devices to unlock the OS.