Security Affairs
Pegasus Used Against MEP Investigating Pegasus, Citizen Lab Finds|JADEPUFFER: First End-to-End AI-Driven Ransomware Operation|The Anatomy of a Shadow AI Supply-Chain Breach: Lessons from the 2026 Vercel Incident|Law enforcememt operation disrupted Malicious Residential Proxy Networks NetNut|Government and Healthcare Are the Weakest Links in Global Email Security|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|Pegasus Used Against MEP Investigating Pegasus, Citizen Lab Finds|JADEPUFFER: First End-to-End AI-Driven Ransomware Operation|The Anatomy of a Shadow AI Supply-Chain Breach: Lessons from the 2026 Vercel Incident|Law enforcememt operation disrupted Malicious Residential Proxy Networks NetNut|Government and Healthcare Are the Weakest Links in Global Email Security|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|
Advertisement

Ad Placeholder

Full Width × 90

Hacking

New Microsoft IE zero-day vulnerability in the wild

Microsoft announced to be aware of a new IE Zero Day vulnerability (CVE-2013-3893) that affects Windows browsers IE 8 and IE 9 recently targeted by hackers.   Microsoft announced to be aware of the presence of a zero-day vulnerability (CVE-2013-3893) in its browser IE. Windows browsers IE 8 and IE 9 are affected by serious zero-day vulnerability recently targeted […]

New Microsoft IE zero-day vulnerability in the wild

Microsoft announced to be aware of a new IE Zero Day vulnerability (CVE-2013-3893) that affects Windows browsers IE 8 and IE 9 recently targeted by hackers.

 

Microsoft announced to be aware of the presence of a zero-day vulnerability (CVE-2013-3893) in its browser IE. Windows browsers IE 8 and IE 9 are affected by serious zero-day vulnerability recently targeted by hackers during attacks.

Microsoft confirmed that the flaw was unknown before the attacks and for this reason it is working on an official patch to protect its customers’ browser, anyway due the severity of the bug it has released a fix to protect the users. The official advisory issued today describes the IE zero-day vulnerability  as a  remote code bug that could be exploited by hackers to install malware on the victim’s machine just visiting a malicious link.

“The vulnerability is a remote code execution vulnerability. The vulnerability exists in the way that Internet Explorer accesses an object in memory that has been deleted or has not been properly allocated. The vulnerability may corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user within Internet Explorer. An attacker could host a specially crafted website that is designed to exploit this vulnerability through Internet Explorer and then convince a user to view the website.”

MS zero-day vulnerability

We discussed several times on the efficiency of a zero-day vulnerability in the browsers and the possible risks related to its exploitation, victims could be infected despite they adopt all necessary countermeasures due the lack of knowledge on the flaw.

The exploitation of a zero-day flaw is very common for state-sponsored attacks, typically the discovery of such bugs requests a great effort in research and it’s expensive,  spear-phishing attacks and watering hole attacks are the most common attack scenarios. A hacker could host a website that serves maliciously exploit  for the this zero-day vulnerability, another possibility is the impairment of website usually visited by victims.

In the specific case if the attacker successfully exploited the zero-day vulnerability could gain the same user rights as the current user, due this reason MS confirmed that whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Applying the fix prepared by Microsoft may limit some functionalities of IE, so if user notices problems he can reverse the  fix.

Pierluigi Paganini

(Security Affairs –  Microsoft, IE, zero-day)