Microsoft revealed late Saturday a previously unknown security hole found in all versions of Internet Explorer, which has already been exploited by a group of hackers targeting specific companies in the United States.
The zero-day vulnerability, warned Microsoft, affects versions 6 through 11 of its web browser, but the attacks specifically target versions 9, 10 and 11. Microsoft describes it as a "remote code execution" vulnerability, which could give hackers full control of a user's computer and let them act undetected, for example by altering data or installing malicious software. To exploit it, an attacker would have to convince the user to visit a website designed to attack the user's system, for instance by sending an email with a link or attachment to open.
The vulnerability, tracked as CVE-2014-1776, is a "use after free" flaw, in which data is manipulated after the objects holding it have been released from memory. The exploit also uses a Flash exploitation technique to bypass the Windows security features Data Execution Prevention (DEP) and Address Space Layout Randomization (ASLR).
This comes only three weeks after Microsoft stopped releasing updates, including security patches, for Windows XP users.
"Our internal testing with Windows XP confirmed the vulnerability returning an Internet Explorer crash. This should remark that especially XP users are not safe anymore and this is the first vulnerability that will not be patched for their system," writes Christian Tripputi on the Symantec blog.
FireEye Research Labs first discovered the bug. In its own security advisory, FireEye says that a group of advanced hackers is already exploiting the flaw in an ongoing campaign called Operation Clandestine Fox, which targets finance and defense firms in the U.S.
"It's unclear what the motives of this attack group are, at this point. It appears to be broad-spectrum intel gathering," said FireEye spokesman Vitor De Souza in an email to the Sydney Morning Herald.
FireEye encourages users to install Microsoft's Enhanced Mitigation Experience Toolkit (EMET), version 4.1 or 5.0, which it says can "break and/or detect" the exploit in its own systems. Turning on Enhanced Protected Mode in Internet Explorer 10 and 11 can also mitigate the threat, it says. The firm also advised users to disable the Flash plugin in their browsers.
For its part, Microsoft says it is currently investigating the issue. It is expected to release a security update for its customers, with the exception of Windows XP users.
"On completion of our investigation, Microsoft will take the appropriate action to protect our customers, which may include providing a solution through our monthly security update release process, or an out-of-cycle security update, depending on customer needs," promised the software maker in its security advisory.
Approximately 25% of all Internet users in the U.S. use Internet Explorer.