Double Kill Internet Explorer Zero-Day Exploit Reportedly Wreaking Havoc With Targeted Attacks

If you are [for some bizarre reason] still running Microsoft's Internet Explorer web browser, you might want to take notice of a new zero-day vulnerability that is making the rounds around the globe. The exploit is called "Double Kill" and was discovered by Chinese security firm Qihoo 360.

Qihoo 360 thankfully isn't divulging any technical details about Double Kill, but it does acknowledge that it has contacted Microsoft to give the company a heads up. What we do know, however, is that Double Kill involves an Internet Explorer vulnerability that uses Microsoft Word documents (usually sent an email attachment) as the attack vector

microsoft building

Opening the Word document is all that is required for a malicious embed web link to deliver a trojan to the victim's computer. The trojan is then somehow able to activate Internet Explorer in the background to take control of the victim’s computer, even bypassing protections afforded by Windows User Account Control (UAC). What's worse is that there are no visual cues that would alert the user that something nefarious is going on in the background.

"Hackers carried out the APT attack by delivering Office documents containing malicious webpages," writes Qihoo 360. "When affected users opened the documents, malicious scripts and payloads using the vulnerability were downloaded from a remote host and executed."

Although Microsoft has allegedly been contacted about Double Kill, it is not known if a fix will be rolled up into the next Patch Tuesday, which is scheduled for May 8th. Microsoft might have not had enough time to identify and properly vet its fix, as we've seen in cases before when Google pulled down the company's shorts for blowing past a deadline.

May 8th is also the latest rumored release date for the Windows 10 April Update.


Show comments blog comments powered by Disqus