Internet Explorer (IE) has faced another Zero Day Attack that can cause your system to be remotely accessed by the attackers. Internet Explorer versions 6 through 11 are almost equally prone to this threat. Named as “Operation Clandestine Fox“, this attack uses the Flash exploitation technique. Citing the seriousness of this attack, US and UK Governments have issued an advise to avoid using IE until the bug is fixed. Attackers, who are supposed to be “APT Group” are using an Internet Explorer bug, that was not known so far. Microsoft has not issued any patch file to resolve the bug but they claim that the solution will be provided soon. So, if you are using IE, then the easiest safeguard is “switching to another browser” till the time the bug is fixed.
How Operation Clandestine Fox Attacks to Access Remotely?
Operation Clandestine Fox exploits a flaw in IE, that was first discovered by the security firm, FireEye.
It involves Flash exploitation technique to access arbitrary memory, and bypass Windows security techniques. This is how it works:
- Attacker creates an exploit page containing Flash SWF file. This SWF file corrupts the Flash object length to bypass Windows Security and gets access to memory.
- Now, it replaces a file in sound object with attacker created codes. When the system calls for the sound object, the attacker will get the access to your system.
In simpler interpretation, you can consider is it as a loophole that can be triggered only with Flash Player on IE.
But how does it affects me?
This attack is targeting IE9 and IE10 but the bug exists with all versions of IE (6 through 11). So, if you are using IE, your system can be accessed remotely. Once your system is accessed, the attacker can access every bit of information on your system, from your desktop folders to your saved passwords. The attacker, who accesses the system, will get the same rights as for the current user. So, the attacker can use the system pretty much in the same manner as you can. Rest is easy to understand, I guess. But do not panic, this attack can be easily be avoided.
How to Protect System Against Operation Clandestine Fox?
- As I mentioned above, easiest and most secure option against Operation Clandestine Fox is to avoid IE and shift to other web browsers (like: Firefox, Chrome, Safari, or Opera), until the patch file to fix the bug is available. However, those who are using IE on Windows XP may not get the solution as Microsoft discontinued support for the OS earlier this Month.
- IE is one of the most used web browsers and avoiding it may not be possible for many users. So, here is what you can do: Root of the attack lies with Flash player on the browser, so disable the Adobe Flash browser plugins in IE. Option to enable/disable the plugins is available in the “Manage Extensions” option in Tools button of IE.
- You may also try some mitigation steps suggested by Microsoft Security Advisory, such as:
- IE on Windows Server 2003, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, and Windows Server 2012, can be run in “Restricted mode” to reduce the vulnerability.
- Get the Enhanced Mitigation Experience Toolkit (EMET) to add a layer of protection against the attack.
- “Security level for this zone” in the Internet Options can be optimized to higher security.
Note: Operation Clandestine Fox is possible only with both IE and Adobe Flash working together. However, Adobe Flash Player carries no threat by itself, and you can keep using it with other browsers.
Final Note:
Entire internet was recently rattled by Heartbleed vulnerability. If though it is more or less patched now, but now this new vulnerability has come into picture. The biggest danger of it is for Microsoft XP users, for which Microsoft might never fix the flaw. So, they will potentially remain vulnerable forever (unless they switch to some other browser).
Till this patch is fixed, I strongly advise you to stop using IE completely. Chrome, Firefox, Safari, and Opera are good alternatives.
