Microsoft IE Patch Fixes Flaw Under Active Attack

Microsoft wins praise for quickly addressing five remote-execution security vulnerabilities, one of which is being used now in attacks.

8 Key Differences Between Windows 8 And Windows RT (click image for larger view and for slideshow)
As promised, Microsoft Friday released a security update to patch a zero-day vulnerability thats being actively exploited by attackers, as well as four previously undisclosed vulnerabilities of a similar nature.
According to Microsofts
critical security update
, Internet Explorer 6, 7, 8, and 9, running on almost every type of Windows operating system, are
vulnerable to a remote code execution attack
. A related exploit, if successful, would allow an attacker to execute arbitrary code on a targeted machine. Notably, however, IE10 and some versions of Windows Server arent vulnerable to the related attack.
Numerous security experts have recommended that all IE users immediately install Microsofts patch. We recommend installing the update as soon as possible, even if you are not running one of the configurations that are currently being exploited, i.e. Internet Explorer plus Flash or version Java v1.6, said Wolfgang Kandek, CTO of Qualys, in a
blog post
.
According to a
technical analysis of the vulnerability
published by Microsoft, attackers have so far only exploited the flaw via browser plug-ins. All real attacks we have seen are targeting only 32-bit versions of Internet Explorer, and rely on third-party browser [plug-ins] to either perform efficient heap-spray in memory and/or to bypass the built-in mitigations of Windows Vista and 7 such as DEP and ASLR, according to the post. For example, some versions of the attack code that target Java 6--which
lacks ASLR
--arent effective against Java 7.
[ What are the legal rules when it comes to cyber attacks? Read
Cyber Warfare Still Poses Legal Questions
. ]
But Kandek warned that as attackers gain familiarity with the vulnerability, they may develop more effective exploits. Attackers are surely working on [ways] to exploit the vulnerability directly, without the help of plug-ins, he said.
The
vulnerability being exploited
via in-the-wild attacks was disclosed on September 16 by researcher Eric Romang, who said hed found it just two days prior, while examining code on an Italian website that was used--apparently by the gang behind the
Nitro malware
--to launch a number of recent, targeted attacks. Romang warned that attackers may have been employing the zero-day vulnerability for some time, prior to his spotting it.
After Romangs disclosure, the IE vulnerability was quickly
verified by researchers at AlienVault Labs
, which also found related command-and-control servers for the malware being hosted in Astoria, Ill. It said that the vulnerability was apparently being used to infect targeted PCs with the
Poison Ivy remote access toolkit
.
Last week, meanwhile, the vulnerability was also added as a
working exploit
to the Metasploit open source penetration testing toolkit, which allows security researchers--or potentially, attackers--to test the vulnerability for themselves.
The speed of Microsofts patch response--just one week elapsed from public disclosure of the vulnerability to Microsoft releasing a fix--has earned the company plaudits from information security experts. In my opinion, computer users should be grateful for Microsofts response. They managed to create, test, and roll out a patch for the Internet Explorer security [vulnerability] Romang discovered being exploited by malicious hackers within a week, said Graham Cluley, senior technology consultant at Sophos, in a
blog post
.
Interestingly, however, Microsofts security bulletin doesnt credit Romang with having reported the vulnerability in question. Rather, it thanks TippingPoint, which suggests that Microsoft may have first learned of the vulnerability from a different source, and prior to Romangs disclosure.

Last News
▸ ArcSight prepares for future at user conference post HP acquisition. ◂ Discovered: 07/01/2025 Category: security	▸ Samsung Epic 4G: First To Use Media Hub ◂ Discovered: 07/01/2025 Category: security	▸ Many third-party software fails security tests ◂ Discovered: 07/01/2025 Category: security

**Cyber Security Categories**
Google Dorks Database	Exploits Vulnerability	Exploit Shellcodes

CVE List

Tools/Apps

News/Aarticles

Phishing Database

Deepfake Detection

Trends/Statistics & Live Infos

Tags:
Microsoft IE Patch Fixes Flaw Under Active Attack