Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Hackers find first post-retirement Windows XP-related vulnerability

Gregg Keizer | April 28, 2014
Microsoft on Saturday told customers that cyber-criminals are exploiting an unpatched and critical vulnerability in Internet Explorer (IE) using "drive-by" attacks.

On that blog, FireEye called the flaw "a significant zero day" and said that the current exploits rely in part on the presence of Adobe Flash Player. "Disabling the Flash plug-in within IE will prevent the exploit from functioning," FireEye wrote.

FireEye said the hacker group behind the IE exploit is a sophisticated gang that has launched browser-based attacks in the past.

"The APT [advanced persistent threat] group responsible for this exploit has been the first group to have access to a select number of browser-based 0-day exploits (e.g. IE, Firefox, and Flash) in the past," Firefox claimed. "They are extremely proficient at lateral movement and are difficult to track, as they typically do not reuse command and control infrastructure."

 

Previous Page  1  2 

Sign up for CIO Asia eNewsletters.