Chinas Qihoo 360 Warns Microsoft of Zero-Day Vulnerability in Internet Explorer
The vulnerability has apparently been exploited already via Office documents sent to selected targets. “After the target opens the document, all exploit code and malicious payloads are loaded from a remote server”, said the researchers, who posted the results of their findings on Chinese social media site, Weibo.
Its worth noting here that the term APT is often used by cyber-security experts to describe state-backed cyber-espionage teams, although, it isnt clear right now if thats the case here. Qihoo 360 says that it is not detailing everything about the bug because it has just reported about it to Microsoft, and in line with standard industry practice, is giving the Redmond company the requisite time to patch it up.
Meanwhile, this is hardly the only major security problem that Microsoft is having to deal with right now. Only last week, Googles Project Zero (GPZ) researchers detailed a Windows 10 exploit that can potentially allow users to run arbitrary code to jailbreak what is essentially a locked-down operating system. There seems to be no remote code to exploit the flaw right now, which means potential hackers will need physical access to the devices to unlock the OS.