Security researchers from the Chinese internet security company Qihoo 360 recently reported to Microsoft an APT (advanced persistent threat) campaign that uses a zero-day vulnerability in Internet Explorer kernel code to infect victims with malware.
The vulnerability, dubbed ‘double kill,’ is probably located in Internet Explorer but is exploited through a Microsoft Word document that embeds a malicious web page. The targeted attack delivers a Trojan that lets the attackers take control of the infected computer. According to Qihoo 360 researchers, the infection chain combines several techniques, including a UAC (User Account Control) bypass, file steganography, memory reflection and fileless code loading, with the payload loaded from a remote server.
According to the firm, the vulnerability affects the latest versions of IE as well as other applications that use the browser. The company has not revealed the exact exploitation chain, but provided a rough flowchart of the attack in the following image (taken from the original post by Qihoo 360):
Microsoft has yet to publicly confirm or deny the vulnerability reported by Qihoo 360, but issued the following general statement: “Windows has a customer commitment to investigate reported security issues, and proactively update impacted devices as soon as possible. We recommend customers use Windows 10 and the Microsoft Edge browser for the best protection. Our standard policy is to provide remediation via our current Update Tuesday schedule.”