Microsoft has confirmed that there is a zero-day exploit in Internet Explorer 8 (IE8), which led to hacks on the US Department of Labour (DOL) and the Department of Energy (DOE) websites.
The discovery came from research uncovered by AlienVault Labs. According to the security research firm, the hack led website traffic to be redirected to malicious code. Following the disclosure, Microsoft has said it is working to patch the exploit.
"This is a remote code execution vulnerability. The vulnerability exists in the way that Internet Explorer accesses an object in memory that has been deleted or has not been properly allocated," wrote Microsoft, in a security advisory on the exploit.
"The vulnerability may corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user within Internet Explorer. An attacker could host a specially crafted website that is designed to exploit this vulnerability through Internet Explorer and then convince a user to view the website."
Redmond said that the exploit is currently being examined and a patch should be expected to come as part of the impending Patch Tuesday release. Until the patch is released, Microsoft recommends that users implement basic security protections.
According to AlienVault, the exploit was used by Chinese hackers to grab hold of government data. The exploit reportedly led to files being downloaded onto the hackers' servers.
The exploit was originally considered to be focused on gathering intelligence from the DOL to better understand their sites' security defensives. However, research firm Invincea later discovered that the hack was intended to serve as a watering hole attack.
According to Invincea, the hack was aimed at collecting data from DOE employees who worked with the DOL website. The research firm says that the goal was to uncover information from DOE workers that handled nuclear-related illness related to DOE facilities.
Comcast's £29.7bn winning bid more than twice the £13.7bn Rupert Murdoch valued Sky at just eight years ago
A nuclear strike has been considered, but Bruce Willis is nowhere in sight
Spray-on antenna could enable seamless integration of antennas with everyday objects
Parker Solar Probe, TESS and GOLD missions will deliver exciting data, claims NASA