Multiple Targeted IE Attacks Underway, Microsoft To Release Patch Tomorrow

Published: 22/11/2024   Category: security




Microsoft today issued an interim Fix-it tool to protect Internet Explorer browsers from a zero-day vulnerability that has spawned attacks by traditional cyberespionage players out of China



Microsoft will release an emergency patch tomorrow for a zero-day flaw in Internet Explorer that has been quickly snapped up by attackers out of China.
The critical use-after-free bug, which was discovered last weekend and affects all versions of IE except for IE 10, led to warnings to avoid IE altogether -- including the German government advising citizens to swear off IE until the bug gets patched. An attack module was added to the Metasploit tool this week, adding to concerns of a snowball effect of IE attacks by financially motivated hackers.
Most attacks spotted in the wild so far have been targeted and appear to be typical cyberespionage campaigns out of China, security experts say. "The acceleration of vulnerability discovery to weaponization and spear phish campaigns is due to the real economic value captured by the nation-state actors and cybercrime organizations through exploitation of these vulnerabilities," says Anup Ghosh, founder and CEO of Invincea.
Microsoft all along has maintained that the attacks exploiting the flaw were limited, but the software giant still responded rapidly to reports of attacks this week by issuing an interim FixIt for the vulnerability today and promising a full patch tomorrow.
[Microsoft also released a temporary fix for a zero-day vulnerability being exploited in the wild that allows for remote code execution via Internet Explorer if a user visits a rigged Web page. See Microsoft Issues FixIt For ZeroDay Plus New Updater For Windows That Fights Flame.]
"While the vast majority of people are not impacted by this issue, today Microsoft provided a temporary fix that can be downloaded with one easy click and offers immediate protection. We will also provide a permanent solution for customers that will be automatically enabled on Friday, Sept. 21, 2012," said Yunsun Wee, director of Microsoft's Trustworthy Computing Group.
Security researchers have spotted at least ten different versions of the exploit spread across different servers, each aimed at a specific user. "I've seen at least ten different versions of the same IE zero-day in different servers targeting different users. Most of them contain clues that point to the same people ... Based on the analysis we did on the exploit code and the payloads they use – PoisonIvy and PlugX – it is likely that a Chinese group is behind this," says Jaime Blasco, manager of AlienVault Labs.
Blasco says the targeted organizations are the same ones who are traditionally attacked by Chinese hackers conducting cyberespionage. "Of course, in the digital world, everything can be fake and you cannot trust everything you see," he says. "[But] also based on the target list, they [the targets] are the same guys that are being targeted by the [Chinese attackers] 24/7."
And the attacks he's seen likely only scratch the surface, Blasco says. "I've found several targeted attacks going on that use that zero-day. If I'm able to find them, it is obvious there will be probably dozens of other instances out there that we are not able to identify," he says. "The instances I've found are being used to target specific sectors including Defense contractors, industrial companies, supply chain companies in the defense industry," he says.
But with the Metasploit attack module available, it won't be long before the exploit is added to crimeware kits and used by traditional cybercriminals, he says. "It is very likely we will find this included in BlackHole and other exploit kits very soon," Blasco says.
Several security experts applauded Microsoft's quick response and patch turnaround for the IE vulnerability. But calls by some to stop using IE altogether were misguided, says Invincea's Ghosh.
"People calling for users to stop using Internet Explorer are missing the point. IE is not materially worse security-wise than the other major browsers. Its market share is what drives production of exploits -- switching from IE to other browsers will only shift malware writers to other browsers," Ghosh says. "And realistically, IE has its largest market share in business because of its group policy and business application support. So calls to switch to different browsers -- along with uninstalling Java -- neither solve the problem nor are realistic for business users."
