While Microsoft plans to fix a number of security issues on Tuesday with new software updates, a security firm claims to have found a new zero-day bug in most versions of Internet Explorer that it says is already being used by hackers.
The FireEye security company reported on the IE bug over the weekend, which it claims affects versions 7, 8, 9, and 10 of the web browser that are used with Windows XP and 7. FireEye claims that there are two separate IE flaws that have been discovered; one of them gives any hackers access to PC memory while the other leaks system information.
FireEye says the attackers who found this zero-day bug in IE have already used it to embed malware code into “a strategically important website, known to draw visitors that are likely interested in national and international security policy,” though the security firm did not state which website was infected. The malware that’s delivered by the unnamed site only exists in PC memory, which FireEye says makes it “exceptionally accomplished and elusive.”
So far, Microsoft has yet to comment on FireEye’s report. This bug is different from another security exploit that was found last week to be used in the wild. Microsoft has come up with a solution for that problem but has yet to release a full security patch for the bug.