In January, an Internet Explorer zero-day exploit surfaced, enabling attackers to bypass the browser's built-in restrictions. Security experts from malware detection appliance maker FireEye first detected attacks targeting the Internet Explorer zero-day flaw being delivered from the Council on Foreign Relations website. Days after the zero-day surfaced, proof-of-concept code also was released for the Metasploit Framework, making the attack technique more widely available.
In May, a second Internet Explorer zero-day was detected being delivered on the Department of Labor website. Security experts said the target appears to be Department of Energy employees who frequented the Department of Labor's Site Exposure Matrices page. Microsoft rushed out a temporary Internet Explorer patch in September to address another zero-day flaw.