Feeds

Microsoft scrambles to thwart new Internet Explorer 0-day attack

Patch Tuesday can't come soon enough

Internet Security Threat Report 2014

Microsoft has pushed out a temporary fix to defend against a zero-day vulnerability that surfaced in attacks launched last week.

The security flaw (CVE-2012-4792) - which affects IE 6, 7 and 8 but not the latest versions of Microsoft's web browser software - allows malware to be dropped onto Windows PCs running the vulnerable software, providing, of course, that users can be tricked into visiting booby-trapped websites.

Redmond has released a temporary Fix It (easy-to-apply workaround) pending the development of a more comprehensive patch.

The flaw was initially discovered by security tools firm FireEye on the Council on Foreign Relations website on 27 December.

The attack had been running for at least a week, and perhaps longer, before it was detected. Retrospective analysis by Sophos suggests the same exploit was used on at least five additional websites, suggesting assaults using the bug are far from limited.

"While the assaults appeared to be targeting a small number of sites, there is no obvious link between the victims," noted Chester Wisniewski, a senior security advisor at Sophos Canada, in a blog post. "Some are referring to this as a 'watering hole' attack*, but the evidence we have doesn't necessarily support that conclusion."

Security watchers advise either applying Redmond's workarounds, upgrading to IE 9 or using an alternative browser - at least until a proper patch becomes available. The next patch Tuesday is coming up on 8 January. This doesn't give Microsoft much time but given the high-profile nature of the vulnerability it's likely that Redmond will release a patch sooner rather than later. ®

* Watering hole attacks have become a feature of cyber-espionage attacks over recent months. Instead of infecting the website of a military contractor or government agency directly, hackers compromise the website of a third party that is frequently visited by users who also visit the targeted organisation. This might be the website of a local sports team or a site with content relevant to the core business of the targeted organisation, for example.

Internet Security Threat Report 2014

Whitepapers

Driving business with continuous operational intelligence
Introducing an innovative approach offered by ExtraHop for producing continuous operational intelligence.
The total economic impact of Druva inSync
Examining the ROI enterprises may realize by implementing inSync, as they look to improve backup and recovery of endpoint data in a cost-effective manner.
Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Simplify SSL certificate management across the enterprise
Simple steps to take control of SSL across the enterprise, and recommendations for a management platform for full visibility and single-point of control for these Certificates.