Feeds

Internet Explorer bug patched only a week ago now being exploited

Patch Tuesday - Malware Wednesday

Choosing a cloud hosting partner with confidence

Hackers have latched onto a vulnerability in Internet Explorer patched by Microsoft last week as a useful way to spread malware.

The vulnerability is CVE-2012-1875 – which was patched in MS12-037 as part of the June edition of Microsoft's Patch Tuesday – and it is being exploited in the wild. Attacks are typically delivered by JavaScript code embedded in websites, some of which are actually legitimate. Windows users who visit these sites using unpatched boxes become infected thanks to the JavaScript code, in what industry insiders commonly describe as a drive-by download attack.

The security bug stems from memory mismanagement in Internet Explorer, or more particularly a use-after-free bug. Technologies built into the latest versions of Windows – including DEP (data execution prevention) and ASLR (address-space layout randomisation) – are meant to make this sort of attack harder but have both come up short in this instance.

'Net users are advised to patch Windows systems to defend against the exploit, if they haven't done so already. A good write-up of the vulnerability can be found in a blog post by Sophos here.

The flaw in IE is unrelated to the a browser bug associated with news of "state-sponsored attackers" and Google that made the news last week. ®

Choosing a cloud hosting partner with confidence

Whitepapers

Go beyond APM with real-time IT operations analytics
How IT operations teams can harness the wealth of wire data already flowing through their environment for real-time operational intelligence.
Why CIOs should rethink endpoint data protection in the age of mobility
Assessing trends in data protection, specifically with respect to mobile devices, BYOD, and remote employees.
A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Protecting against web application threats using SSL
SSL encryption can protect server‐to‐server communications, client devices, cloud resources, and other endpoints in order to help prevent the risk of data loss and losing customer trust.