Operation Clandestine Fox and the Microsoft Internet Explorer Use-After-Free Vulnerability
Over the weekend (April 27), a security bug was found in Microsoft’s Internet Explorer that can allow a remote, unauthenticated attacker to execute code on a vulnerable system. Internet Explorer versions 6-11 are affected. It is reported that a sophisticated group of hackers is exploiting the security flaw in a campaign dubbed “Operation Clandestine Fox”.
A security fix has not been provided yet. According to Microsoft Security Advisory 2963983, Microsoft is still investigating the reported bug and will release a security update accordingly. With this latest security threat, it is imperative that users keep their computer’s security protection up to date. Basic security measures, such as enabling firewalls, applying all software updates, and installing anti-malware and anti-virus software, have never been more important.
To complicate the issue, the threat is not limited to Internet Explorer. Because operating systems, web browsers, and other programs such as Outlook are tightly integrated, users are strongly advised not to click on any links from untrusted sources. Users may work around this security threat by using a different web browser, such as Mozilla Firefox or Google Chrome.
It must also be noted that because Microsoft discontinued support for Windows XP (effective April 8, 2014), no update to fix the reported vulnerability will be available for Windows XP users. It is estimated that 15-25 percent of PC users are still on Windows XP. “Everybody should be moving off of it now. They should have done it months ago,” said Jeff Williams, director of security strategy with Dell SecureWorks.