Internet Explorer Returns From The Dead With Fresh Exploits

zombIE
Will the undead zomb-IE ever die?

Share This Post

Microsoft ended support for Internet Explorer on June 15, 2022. However, IE’s deep integration into the Windows operating system means that each Windows host still has an IE-specific Event Log. This Event Log and its distinct set of permissions have ramifications that are being felt to this day, specifically via two exploits targeting Windows systems that were recently discovered by Varonis: LogCrusher and Overlog.

LogCrusher can allow any domain user to remotely crash the Event Log application of any Windows machine on the current domain. This could be particularly useful for a malicious actor as a way to cover their tracks before performing an attack on a system. OverLog can cause a remote denial-of-service (DoS) attack by inflating this Event Log file, to the point of entirely filling up the hard drive space of any Windows machine on the current domain.

A partial patch was released on October 11, 2022 to address this. However, Microsoft has also opted not to fully fix the LogCrusher vulnerability on Windows 10.

Windows 11 and Windows Server 2022 are unaffected.

To read the entire breakdown of both exploits, visit Varonis’ site for their full report: https://www.varonis.com/blog/the-logging-dead-two-windows-event-log-vulnerabilities



Reach out to our incident response team for help

More To Explore

Information Security News – 6/2/2025

Why Layoffs Increase Cybersecurity Risks Article Link: https://www.helpnetsecurity.com/2025/05/26/layoffs-cybersecurity-risks/ The CISO’s Dilemma: Balancing Access, Security, and Operational Continuity Article Link: https://www.forbes.com/councils/forbestechcouncil/2025/05/27/the-cisos-dilemma-balancing-access-security-and-operational-continuity/ Massive Data Breach Exposes 184

Information Security News – 5/19/2025

Attackers Lace Fake Generative AI Tools With ‘Noodlophile’ Malware Article Link: https://www.darkreading.com/endpoint-security/attackers-fake-generative-ai-tools-malware CISA Reverses Decision on Cybersecurity Advisory Changes Article Link: https://www.infosecurity-magazine.com/news/cisa-reverses-decision-advisory/ FBI Warns That

Do You Want to Shore Up Your Defenses?

We're opening our first round of threat hunting engagements to 100 organizations. Sign up or join the wait list here.