Microsoft said it was investigating the security glitch, which allowed for remote code execution, and affected all versions of Internet Explorer -- IE 6 through 11. Currently versions 9, 10 and 11 are being attacked, according to FishEye, the research firm that alerted Microsoft to the vulnerability Friday.
The attacks are taking advantage of "use after free" vulnerability -- a little known vulnerability that allows data corruption after memory has been released.The vulnerability also bypasses both Windows DEP (data execution prevention) and ASLR (address space layout randomization) protections, according to FireEye.
"The APT [advanced persistent threat] group responsible for this exploit has been the first group to have access to a select number of browser-based 0-day exploits (e.g. IE, Firefox, and Flash) in the past," FireEye said. "They are extremely proficient at lateral movement and are difficult to track, as they typically do not reuse command and control infrastructure."
Windows server versions that run on Internet Explorer in the default Enhanced Security Configuration are not vulnerable unless an affected site is placed in the Internet Explorer Trusted sites zone.
Microsoft said it was investigating the vulnerability and would issue an security update to address the problem.