Microsoft issues out-of-band Internet Explorer patch

Powered by SC Magazine
 

Dangerous bug used in ongoing spy attacks.

Microsoft has distributed an emergency fix for an Internet Explorer (IE) vulnerability that is being used in targeted attacks.

The software giant released a single critical patch for the issue, which affects all supported IE 6, 7 and 8, but not version 9. Microsoft previously issued a temporary workaround.

The flaw became known last month when it was used as part of a watering hole attack against the website for the policy think tank Council on Foreign Relations, the influential membership group that helps shape US foreign policy.

The site was hijacked with malicious JavaScript to serve an Adobe Flash exploit, which in turn triggered a heap-spray attack, according to researchers at security firm FireEye.

The malware was delivered to users whose operating system language was set to English, Chinese, Japanese, Korean or Russian.

Security firm Symantec has linked this exploit and others taking advantage of the IE bug to a string of recent espionage attacks spearheaded by a group of hackers dubbed the "Elderwood Project," possibly based in China.

Microsoft has acknowledged in an advisory that the vulnerability has been used in a limited number of targeted attacks. At least one other organisation, microturbine systems supplier Capstone Turbine Corp., had its website compromised to take advantage of the bug, security researcher Eric Romang said in a blog post.

This article originally appeared at scmagazineus.com

Copyright © SC Magazine, US edition


Microsoft issues out-of-band Internet Explorer patch
 
 
 
Top Stories
Coalition's NBN cost-benefit study finds in favour of MTM
FTTP costs too much, would take too long.
 
Who'd have picked a BlackBerry for the Internet of Things?
[Blog] BlackBerry has a more secure future in the physical world.
 
Will Nutanix be outflanked before reaching IPO?
VMware muscles in on storage startup in hyper-converged infrastructure.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest articles on BIT Latest Articles from BIT
Looking for storage? Seagate has five new small business NAS devices
Aug 22, 2014
Seagate has announced a new portfolio of Networked Attached Storage (NAS) solutions specifically ...
Run a small business in western Sydney?
Aug 15, 2014
This event might be of interest if you're looking to meet other people with a similar interest ...
Buying a tablet? Microsoft's Surface Pro 3 goes on sale this month
Aug 8, 2014
Microsoft has announced its Surface Pro 3 will go on sale in Australia on 28 August from ...
Apple's top MacBook Pro with Retina is now cheaper
Aug 1, 2014
Apple has updated its MacBook Pro range with faster processors and new pricing, including ...
Pass on carbon tax savings, warns ACCC
Jul 24, 2014
The ACCC is warning businesses that supply "regulated goods" to pass on any cost savings ...
Latest Comments
Polls
Which is the most prevalent cyber attack method your organisation faces?




   |   View results
Phishing and social engineering
  69%
 
Advanced persistent threats
  3%
 
Unpatched or unsupported software vulnerabilities
  11%
 
Denial of service attacks
  6%
 
Insider threats
  11%
TOTAL VOTES: 621

Vote