Unofficial Micropatch Delivered for Internet Explorer 11 Fixes Zero-Day Vulnerability

In January, Microsoft and Google found that the North Korean hacking group named Lazarus was carrying out a social engineering attack against cybersecurity experts.

An Internet Explorer 11 zero-day vulnerability that was used in these attacks, and that Microsoft has not fixed, has now received a micropatch that blocks its exploitation.

In this attack, the attackers contacted security researchers through social media and asked whether they wanted to collaborate on vulnerability and exploit research. Researchers who showed interest received a link to a blog containing information related to exploit kits, along with malicious Visual Studio projects or an MHTML file that could exploit the system and install a custom backdoor.

According to the investigation, the command-and-control (C2) servers behind these attacks had been shut down, so it was not possible to identify which exploits had been deployed.

How Did the Attackers Use the Internet Explorer Zero-Day Vulnerability?

According to the investigation, this month the South Korean cybersecurity organization ENKI discovered that Lazarus had targeted its security researchers using social engineering methods and MHTML files.

ENKI said that its security researchers were not affected and that they were able to analyze the payloads, finding the method used in the Internet Explorer 11 zero-day attack.

An MHT file, or MIME HTML file, is a file format that Internet Explorer uses to capture a web page and its resources in a single archive file. When an MHT file is opened, Windows automatically launches Internet Explorer to open it, because Internet Explorer is configured as the default file handler for that format.
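Because an MHT file is a MIME message, it can be inspected with a MIME parser instead of being opened in Internet Explorer. The following is an added example, not code from ENKI, 0patch or the original article; the sample archive, the `triage_mht` name and the `example.invalid` URLs are constructed for illustration. It decodes each part's transfer encoding and lists HTML parts that carry script.

```python
import email
import re

# Constructed sample: a minimal MHTML archive (one HTML part with script, one image).
SAMPLE_MHT = b"""MIME-Version: 1.0
Subject: constructed sample
Content-Type: multipart/related; type="text/html"; boundary="----=_Part_0001"

------=_Part_0001
Content-Type: text/html; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Content-Location: http://example.invalid/index.html

<html><body><script>var a =3D 1;</script></body></html>
------=_Part_0001
Content-Type: image/png
Content-Transfer-Encoding: base64
Content-Location: http://example.invalid/logo.png

iVBORw0KGgo=
------=_Part_0001--
"""

SCRIPT_RE = re.compile(rb"<script\b", re.IGNORECASE)
HTML_TYPES = {"text/html", "application/xhtml+xml"}

def triage_mht(data: bytes) -> dict:
    """Parse an MHT file as MIME and report its parts without rendering it."""
    msg = email.message_from_bytes(data)
    top = msg.get_content_type()
    report = {
        # MHTML is a MIME message: multipart/related, or a lone text/html body.
        "is_mhtml": msg.get("MIME-Version") is not None
        and top in ({"multipart/related"} | HTML_TYPES),
        "parts": [],         # (content type, Content-Location, decoded size)
        "script_parts": [],  # Content-Location of HTML parts that carry <script>
    }
    for part in msg.walk():
        if part.is_multipart():
            continue
        body = part.get_payload(decode=True) or b""  # undoes base64 / quoted-printable
        ctype = part.get_content_type()
        loc = part.get("Content-Location", "")
        report["parts"].append((ctype, loc, len(body)))
        if ctype in HTML_TYPES and SCRIPT_RE.search(body):
            report["script_parts"].append(loc)
    return report

if __name__ == "__main__":
    for key, value in triage_mht(SAMPLE_MHT).items():
        print(key, value)
```

Decoding the transfer encoding before searching matters, since a base64-encoded HTML part would hide its script from a scan of the raw file bytes.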

What Does the Unofficial IE Patch Include?

Mitja Kolsek, CEO of ACROS Security, has confirmed that the vulnerability has not been fixed in the recent patch that Microsoft delivered.

Microsoft has neither publicly announced this Internet Explorer 11 zero-day vulnerability nor assigned it a CVE identifier.

Today, 0patch said that they are delivering a micropatch to fix the Internet Explorer 11 vulnerability that was widely used by the attackers. They say:

“Our micropatch is applied in the Cattribute::put_ie9_nodeValue function of the mshtml.dll file, where it checks the VARIANT type of the value that JavaScript code needs to assign, and it prevents that from happening if the type is 9.”

They also added:

“While patching this vulnerability we want to break an obscure browser function that permits setting the HTML attribute's value to an object, which is useful for few web developers whose applications are used to work with Internet Explorer 11.”

The micropatch is provided on the 0patch site and is free for personal and non-profit educational users. Users have to register an account and install the agent to get access to this patch.

Systems Supported by the Micropatch

This temporary micropatch will work for the systems listed below:

Windows Systems Updated to January 2021 Patches

  • Windows 7 + ESU
  • Server 2008 R2 + ESU
  • Windows Server 2016, 2019

Windows Systems Updated to January 2020 Patches

  • Windows 7 w/o ESU
  • Windows Server 2008 R2 w/o ESU

Wrapping Up

Internet Explorer is widely used by many organizations, so this vulnerability will affect many users and workstations. An update or patch is therefore required to prevent unauthorized access.
