Chinese antivirus firm Qihoo 360 found the zero-day exploit which as yet remains unpatched, and is apparently being targeted by a group of hackers at a global level, as reported by ZDNet.
This group is apparently leveraging the exploit using malicious Office documents. When said document is opened, it fires up a web page in the background of Internet Explorer, which subsequently facilitates the transmission of malware from a remote server. The host PC is then infected.
The exact details haven’t been made clear, but it seems that this attack employs a well-known User Account Control bypass – to get round any warning pop-up messages which might alert the user that something bad might be about to happen – and also clever file steganography techniques (stealthily hiding files within files).
This vulnerability affects even the latest version of Internet Explorer, so if you do still use Microsoft’s aging browser, it’s certainly something you need to be aware of.
Of course, you can avoid becoming a victim simply by not opening any Office document you’re unsure of in the first place, which is obviously solid security practice.
Hopefully Microsoft will patch the hole soon enough, with the software giant issuing a fairly generic statement to say: “Windows has a customer commitment to investigate reported security issues, and proactively update impacted devices as soon as possible.
“We recommend customers use Windows 10 and the Microsoft Edge browser for the best protection. Our standard policy is to provide remediation via our current Update Tuesday schedule.”
Clearly, this is another reminder that if Internet Explorer is still your browser of choice, you might want to consider a shift to a more secure haven for your trips to the web (unless you’re forced to use IE for legacy reasons).
And if you don’t want to switch to Microsoft Edge, there are of course many good third-party alternatives such as Firefox, Chrome, and some less well-known browsers, too.
- Surf the web on the go with one of our best laptops
Sign up for Black Friday email alerts!
Get the hottest deals available in your inbox plus news, reviews, opinion, analysis and more from the TechRadar team.
Darren is a freelancer writing news and features for TechRadar (and occasionally T3) across a broad range of computing topics including CPUs, GPUs, various other hardware, VPNs, antivirus and more. He has written about tech for the best part of three decades, and writes books in his spare time (his debut novel - 'I Know What You Did Last Supper' - was published by Hachette UK in 2013).