Microsoft has distributed an emergency fix for an Internet Explorer (IE) vulnerability that is being used in targeted attacks.
The software giant released a single critical patch for the issue, which affects all supported versions of IE 6, 7 and 8, but not version 9. Microsoft previously issued a temporary workaround.
The flaw became known last month when it was used as part of a watering hole attack against the website for the policy think tank Council on Foreign Relations, the influential membership group that helps shape US foreign policy.
The malware was delivered to users whose operating system language was set to English, Chinese, Japanese, Korean or Russian.
Security firm Symantec has linked this exploit and others taking advantage of the IE bug to a string of recent espionage attacks spearheaded by a group of hackers dubbed the "Elderwood Project," possibly based in China.
Microsoft has acknowledged in an advisory that the vulnerability has been used in a limited number of targeted attacks. At least one other organisation, microturbine systems supplier Capstone Turbine Corp., had its website compromised to take advantage of the bug, security researcher Eric Romang said in a blog post.
This article originally appeared at scmagazineus.com
Copyright © SC Magazine, US edition