Microsoft IE Zero-Day Remote Code Execution Vulnerability Alert

On February 4, 2021, the South Korean security company ENKI published a follow-up analysis of the attack on security researchers attributed to the Lazarus group. According to that analysis, the attackers sent MHTML files to their targets; opening such a file triggered a previously unknown (zero-day) vulnerability in the Internet Explorer browser and gave the attackers control of the victim's machine. The domain used to deliver the malicious MHTML file and for the subsequent malicious activity is codevexillium[.]org, which is infrastructure the same actors used in the earlier campaign.
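A practical check that follows from the report is to identify MHTML containers among inbound files and compare the hosts they reference against the published domain. The script below is an added example for this advisory, not code from ENKI or Microsoft: it parses an MHTML file with Python's standard `email` module (MHTML is a MIME multipart/related container), collects hostnames from `Content-Location` headers and from URLs inside the decoded text parts, and flags any host that is the IOC domain or a subdomain of it. The sample file, the function names and the IOC set are constructed here; the only fact taken from the report is the domain itself.

```python
"""Flag MHTML (.mht/.mhtml) files and check the hosts they reference against IOC domains.

Added example for this advisory; not code from ENKI or Microsoft. The IOC domain is the
one named in the report (defanged there as codevexillium[.]org); the sample file and the
helper names are constructed for illustration.
"""
import email
import re
from email.message import Message
from urllib.parse import urlparse

# Domain reported as the lure-hosting / follow-up infrastructure.
IOC_DOMAINS = {"codevexillium.org"}

# Grabs the host portion of http(s) URLs inside decoded text parts.
URL_HOST_RE = re.compile(r"https?://([A-Za-z0-9.-]+)")

# Constructed sample: a minimal MHTML container that references the IOC domain.
# This is NOT a real lure file from the campaign.
SAMPLE_MHT = b"""From: <Saved by Blink>
Subject: report
MIME-Version: 1.0
Content-Type: multipart/related; type="text/html"; boundary="----=_NextPart_000"

------=_NextPart_000
Content-Type: text/html; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Content-Location: https://codevexillium.org/report/index.html

<html><body><script src=3D"https://codevexillium.org/res/app.js"></script>=
<img src=3D"cid:logo"></body></html>
------=_NextPart_000
Content-Type: image/png
Content-Transfer-Encoding: base64
Content-ID: <logo>

iVBORw0KGgo=
------=_NextPart_000--
"""


def parse_mhtml(data: bytes) -> Message:
    # MHTML (RFC 2557) is plain MIME, so the stdlib parser handles it.
    return email.message_from_bytes(data)


def is_mhtml(msg: Message) -> bool:
    # The container is a multipart/related message, normally with a text/html root part.
    return msg.get_content_type() == "multipart/related"


def _host_matches(host: str, ioc: str) -> bool:
    # Exact match or subdomain of the IOC; avoids matching "ioc.org.example".
    host = host.lower().rstrip(".")
    return host == ioc or host.endswith("." + ioc)


def embedded_hosts(msg: Message) -> set:
    """Hosts from Content-Location headers and from URLs inside text parts."""
    hosts = set()
    for part in msg.walk():
        loc = part.get("Content-Location")
        if loc:
            h = urlparse(loc).hostname
            if h:
                hosts.add(h.lower())
        if part.get_content_maintype() != "text":
            continue  # binary parts (images etc.) are not searched for URLs
        payload = part.get_payload(decode=True)  # undoes quoted-printable / base64
        if not payload:
            continue
        text = payload.decode(part.get_content_charset() or "utf-8", errors="replace")
        hosts.update(h.lower() for h in URL_HOST_RE.findall(text))
    return hosts


def scan_mhtml(data: bytes, iocs=IOC_DOMAINS) -> dict:
    """Return whether the bytes are an MHTML file, the hosts it references, and IOC hits."""
    msg = parse_mhtml(data)
    mht = is_mhtml(msg)
    hosts = embedded_hosts(msg) if mht else set()
    matches = sorted({ioc for ioc in iocs for h in hosts if _host_matches(h, ioc)})
    return {"is_mhtml": mht, "hosts": sorted(hosts), "matches": matches}


if __name__ == "__main__":
    result = scan_mhtml(SAMPLE_MHT)
    print(result)
```

Run it over the attachments of any mail that arrives with an .mht/.mhtml extension; a non-empty `matches` list is an indicator worth escalating, while `is_mhtml` alone is only a reason to look more closely, since MHTML files are also produced legitimately by browsers' "save page" feature.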

Because the vulnerability is currently unpatched and has already been observed being exploited in the wild, it poses a real threat. We remind IE users to be cautious when opening files and links of unknown origin and to temporarily switch to another browser such as Chrome or Firefox until a patch is available.

The vulnerability is a double free in Internet Explorer's handling of DOM objects. Opening a malicious link or file crafted by an attacker can lead to remote code execution and full control of the user's system.

Data from multiple market research firms put Internet Explorer's share of the browser market at around 3%, so the overall impact is limited. The vulnerability affects IE11 on Windows and has been exploited in the wild. We strongly recommend that users temporarily use Chrome or Firefox until the vulnerability is patched. Note that changing the default browser does not by itself cover MHTML (.mht/.mhtml) files, which Windows may still open with Internet Explorer; check that file association as well.