Microsoft has warned web users to be extra vigilant, following the discovery of a critical security flaw in its Internet Explorer (IE) web browser, believed to leave one in four web users open to attack.
The vulnerability affects multiple versions of IE and was first discovered by security researchers at FireEye. The IE flaw theoretically lets hackers use a Flash exploitation technique to mount a remote code execution attack.
The FireEye threat advisory said: "The vulnerability affects IE6 through IE11, but the attack is targeting IE9 through IE11. We believe this is a significant zero day as the vulnerable versions represent about a quarter of the total browser market."
Microsoft Trustworthy Computing (TwC) group manager of response communications Dustin Childs said in a blog post that Microsoft is aware of the vulnerability, and warned IE users to deploy a variety of temporary security measures while it works on a full patch.
"Our initial investigation has revealed that Enhanced Protected Mode, on by default for the modern browsing experience in Internet Explorer 10 and Internet Explorer 11, as well as Enhanced Mitigation Experience Toolkit (EMET) 4.1 and EMET 5.0 Technical Preview, will help protect against this potential risk," read the post.
"We also encourage you to follow the 'Protect Your Computer' guidance of enabling a firewall, applying all software updates and installing antivirus and anti-spyware software."
The FireEye researchers said that although the vulnerability in theory affects one in four web users, it is only being actively exploited as part of an ongoing targeted hack campaign, codenamed Operation Clandestine Fox.
FireEye declined to disclose the goal of the operation or its victim base. The researchers said determining the origin of the operation is difficult as it uses advanced techniques to hide its movements, but added that the group behind it is known to have mounted several similar attacks in the past.
"The APT group responsible for this exploit has been the first group to have access to a select number of browser-based zero day exploits in the past. They are extremely proficient at lateral movement and are difficult to track, as they typically do not reuse command-and-control infrastructure," said the post.
Targeted attacks leveraging vulnerabilities in Microsoft services are a growing problem facing businesses. Security researchers at Trend Micro reported a sophisticated hack campaign in March, targeting Word and Excel users with new data-siphoning malware that hides its movements using the Tor network.