Posted on January 22, 2020 at 4:54 PM

Internet Explorer Flaw Invites North Korean Hackers

According to reports, North Korea is currently exploiting a vulnerability in Internet Explorer. Microsoft has come out to advise internet explorer users to stop using the open-source browser until the flaw has been patched. It instead asked users to download the new edge browser. Microsoft gave reasons why the best option for internet explorer users is to download the edge browser.

According to the company, Edge does not only offer security from the flaws internet explorer is suffering, but it also offers an improved browsing experience. However, Firefox and Chrome are other options as well, because they are safe to use now compared to internet explorer.

Security patch not coming very soon

The next security patch from Microsoft would take place on February 11, which is a few weeks far off. It means Microsoft cannot do anything about the vulnerability until the day it’s carrying out updates on explorer.

Microsoft discloses flaw

Microsoft made the vulnerability open to the public on January 17, when it posted an advisory. The advisory described the vulnerability as one that is capable of corrupting memory which allows hackers to execute arbitrary code. When the attacker exploits this weakness, they would have the same level of access to the system just like the real user.

The advisory stated the scenario that could play out when the attacker wants to infiltrate the vulnerable internet explorer. It stated that the attacker could design a special website with the main objective of exploiting the vulnerability of Internet Explorer.

It could send an mail and convince the user to log onto the website and view it. If the attacker succeeds in getting information about the admin user accounts, they could take charge of the system and install their own programs, create new accounts, or delete the user data.

Attacks being linked to North Korea

One reason why people are worried about the flaw is the fact the attack could have connections from South Korea. Tom’s Guide revealed that the flaw has close resemblance with a similar one that went for Mozilla Firefox. However, the security team saw it on time and patched it completely.

Qihoo 360 has accused the North Korean government of the attack on IE. It specifically mentioned the DarkHotel hacking, which tracks movements of first-class business travelers. However, it’s still unclear whether the zero-day can be tied to the North Korean hackers. But the firm has already pointed out that the flaw is critical.

Microsoft wasn’t the first to discover the vulnerability. CERT/CC, a division of Homeland Security, first discovered the flaw and notified Microsoft. The security unit stated that the Jscript component in Internet Explorer has unknown memory corruption vulnerability. It further mentioned that all apps that support the component can be utilized to launch attacks.

Patch for vulnerability

Although Microsoft has not provided a patch for the update, the company has posted some tips that can help to reduce the risk. However, it warned that users should only follow this route if they believe they are high-risk vulnerability targets. The company warned that using this method may reduce the overall performance of the features that depend on Jscript dill.

North Korea’s hackers still targeting Microsoft

In December last year, Microsoft sued a mysterious hacking group from North Korea for stealing very critical information from computers in the U.S.

As at then, the report revealed that the hacking group, Thallium, targeted members of groups, university staff, as well as think tanks in the society.

The more worrying thing is the fact that the outmoded link known as jScript.dll will be needed before exploiting the internet explorer.

In the previous patch made, the older DLL known as jscript9 replaced has been replaced by the older DLL. But it’s possible for newer browsers to load jscript.dll when the website needs it. However, the older DLL is still in use by default in earlier Windows 7 versions as well as in Internet Explorer 9.