Skip to main content

Internet Explorer has a zero-day bug that Microsoft needs to fix

Internet Explorer is pre-installed on every Windows PC, even though it’s been superseded by Microsoft’s new Edge browser in terms of long-term support. The reason is simple: Many organizations use the archaic browser for legacy applications, and so Microsoft has had to keep it around but isn’t spending a great deal of time on improving it. Unfortunately, according to one security firm, Internet Explorer has a serious flaw that’s leaving it open to malware attacks.

ZDNet reports on the zero-day bug, which is coming from Chinese antivirus software company Qihoo 360 Core. The company’s security research team claim that the bug uses a Microsoft Office document that has a vulnerability installed that opens a web page that downloads a piece of malware. According to the researchers, the malware exploits a user account control (UAC) bypass attack, and it also utilizes file steganography, which is the technology of embedding a message, image, or file within another message, image, or file.

Qihoo 360 also reported on the bug via Twitter:

We uncovered an IE 0day vulnerability has been embedded in malicious MS Office document, targeting limited users by a known APT actor.Details reported to MSRC @msftsecresponse

— 360 Core Security (@360CoreSec) April 20, 2018

Microsoft responded to ZDNet’s request for comment with the following rather generic statement:

“Windows has a customer commitment to investigate reported security issues, and proactively update impacted devices as soon as possible. We recommend customers use Windows 10 and the Microsoft Edge browser for the best protection. Our standard policy is to provide remediation via our current Update Tuesday schedule.”

The following image shows a basic flowchart of how the bug is executed on an affected system. Beyond this, there is not a great deal of information on the flaw and little else to go on in determining just how infected systems are impacted. Until Microsoft fixes the bug, of course, it will remain an issue for Windows users.

Qihoo 360

Apparently, the attack is being conducted globally by an “advanced persistent threat (APT) group.” That implies a group of hackers with some capabilities that can conduct such a sophisticated attack. Unfortunately, there is not much users can do at this point except follow the usual security advice: Keep your systems and software updated, make sure you’re using sufficient malware protection, and don’t open any files unless you’re absolutely certain that it’s from a trusted source and that it was sent on purpose.

Editors' Recommendations

Mark Coppock
Mark has been a geek since MS-DOS gave way to Windows and the PalmPilot was a thing. He’s translated his love for…
Internet Explorer’s slow death has finally come to an end
An Internet Explorer desktop icon.

Today, Microsoft is concluding the retirement and end-of-life support for its Internet Explorer browser.

This will finalize a months-long transition from Internet Explorer to Microsoft Edge. Edge has been the brand's primary browser since early 2020, which now comes as the default browser on new Windows devices.

Read more
Why nearly 50% of Windows 10 users still cling to Internet Explorer
Laptop running Internet Explorer.

In an unexpected development, it seems that many users just can't let Internet Explorer go. Although the browser is retiring, new research shows that up to 47% of Windows 10 devices still use Explorer as their browser.

Seeing as Microsoft has announced its retirement in 2020, users have been given plenty of time to move on to a different browser -- so why is it that so many still choose to stick with Explorer?

Read more
Microsoft says Edge has already saved 273 petabytes of RAM
how to mute tab your browser microsoft edge edgehtml tabs

Microsoft's efforts for browser efficiency appear to be paying off as the brand has announced that its built-in Sleeping Tabs tool is highly effective at conserving RAM on devices.

Microsoft recently shared on its Dev Twitter dedicated to the Microsoft Edge browser that its Sleeping Tabs tool has saved users a whopping 273 petabytes of RAM or 273,000 TB of RAM over the last 28 days. That equates to approximately 40MB of memory per tab of the 6 billion tabs tested, the company added.

Read more