Microsoft Corp. will today patch a flaw in Windows that affects all editions of the operating system, ranging from the 12-year-old XP to the just-released Windows 8.1.
Security researchers who discovered the bug said that attackers have used the vulnerability in a “watering hole” campaign launched from a Web site that is based in the United States and focuses on domestic and international security policy.
A watering hole attack typically involves cyber criminals compromising a Web site frequently visited by their targets. The attackers plant malware on the site and wait for users to browse the site.
Darien Kindlund, manager of threat intelligence at security firm FireEye, said the Windows bug was exploited through Internet Explorer 7, IE8, IE9 and IE10. He said the attack was seen in the wild against computers running either Windows XP or Windows 7.
He said the attack was unusual in that it left no trace on the target computer’s hard disk drive. Hackers loaded attack code directly into the memory of the machine. Because the malware payload was non-persistent, it disappeared when the PC was restarted. Restarting a PC wipes the machine’s system memory clean.