Microsoft has confirmed that a zero-day bug exists in Internet Explorer 8 and is working hard to release a patch. However, this isn’t just an ordinary zero-day bug. According to several security firms, Chinese hackers are using this zero-day bug in IE8 to target nuclear weapons researchers running Microsoft’s Windows XP operating system.
This vulnerability has been exploited against government agencies in the United States. “The exploit on the [Department of Labor] site appears to be exploiting a zero-day exploit affecting Internet Explorer 8 (IE8) only, [via a] use-after-free memory vulnerability that when exploited allows an attacker to remotely execute arbitrary code,” Eddie Mitchell stated. He’s a security engineer at Invincea.
The reason Chinese hackers are being blamed for this attack is because security firms are claiming that this latest attack is similar to past attacks that had targeted the Council on Foreign Relations (CFR) and Chinese dissidents in 2012.
Microsoft has confirmed that all versions of Internet Explorer 8 running on Windows XP, Windows Vista, and Windows 7 are at risk. Internet Explorer 8 is still number one in market share when compared to other editions of Microsoft’s internet browser, beating out the latest Internet Explorer 10 browser. Microsoft has yet to release a patch to fix this vulnerability and we are expecting a fix during this months Patch Tuesday. Microsoft may even release the fix outside of Patch Tuesday due to its severity.