For at least a month, Internet Explorer users have been actively attacked through a zero-day vulnerability in their browser. Through the vulnerability an attacker can gain full control over the computer. To become a victim of such an attack it's enough to visit a hacked or malicious website.
Yesterday, Microsoft released a patch for the vulnerability that was discovered last month by antivirus vendor Trend Micro during an actual attack. The exploit of the attackers made use of an obfuscation method that was also used during a previous zero-day attack. That attack targeted the Windows VBScript Engine and was patched by Microsoft in May this year.
Given the similarities between the exploits in May and July, Trend Micro suspects the same author or group is responsible. The antivirus vendor also warns Internet Explorer users that it's likely not the last zero-day attack.
“Since it is the second VB engine exploit found in the wild this year, it is not far-fetched to expect other vulnerability findings in the VB engine in the future,” Trend Micro writes on its website.
The antivirus vendor doesn't provide many details about the attack, but a screenshot of the domain used by the attackers to load the exploit from reveals it contains the words “windows-updat”. According to Trend Micro Internet Explorer 11 on Windows 10 is not vulnerable because VBScript is disabled by default since the Fall Creators Update.
Microsoft however, states in its security bulletin that Internet Explorer on the most recent Windows 10 version is indeed vulnerable.
