Microsoft issues out-of-band Internet Explorer patch

Powered by SC Magazine
 

Dangerous bug used in ongoing spy attacks.

Microsoft has distributed an emergency fix for an Internet Explorer (IE) vulnerability that is being used in targeted attacks.

The software giant released a single critical patch for the issue, which affects all supported IE 6, 7 and 8, but not version 9. Microsoft previously issued a temporary workaround.

The flaw became known last month when it was used as part of a watering hole attack against the website for the policy think tank Council on Foreign Relations, the influential membership group that helps shape US foreign policy.

The site was hijacked with malicious JavaScript to serve an Adobe Flash exploit, which in turn triggered a heap-spray attack, according to researchers at security firm FireEye.

The malware was delivered to users whose operating system language was set to English, Chinese, Japanese, Korean or Russian.

Security firm Symantec has linked this exploit and others taking advantage of the IE bug to a string of recent espionage attacks spearheaded by a group of hackers dubbed the "Elderwood Project," possibly based in China.

Microsoft has acknowledged in an advisory that the vulnerability has been used in a limited number of targeted attacks. At least one other organisation, microturbine systems supplier Capstone Turbine Corp., had its website compromised to take advantage of the bug, security researcher Eric Romang said in a blog post.

This article originally appeared at scmagazineus.com

Copyright © SC Magazine, US edition


Microsoft issues out-of-band Internet Explorer patch
 
 
 
Top Stories
NSW to build its own myGov
Service NSW digital profiles available by September.
 
Australia's leaders agree to end GST-free online goods
Gerry Harvey may finally get his way.
 
What to expect from Abbott's national cyber security strategy
Key policy architect reveals focus of new document.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest articles on BIT Latest Articles from BIT
Microsoft reveals Microsoft Send, a new enterprise chat app to rival Slack
Jul 27, 2015
Microsoft Send is MSN Messenger for grownups, and you could be using it at work very soon
Developers offered $500,000 grants to find HoloLens uses
Jul 8, 2015
Can augmented-reality end up in business?
Microsoft Tossup: The planning app for unorganised groups of friends
Jul 8, 2015
App allows friends to research venues, vote on plans and chat. And depending on how you run your ...
Windows 10 drops 29 July... but only for some
Jul 6, 2015
If you've reserved your copy of Windows 10 and are keenly awaiting its 29 July release, don't ...
Xerocon is heading to Melbourne!
Jul 1, 2015
We're not saying Xero is our FAVOURITE or anything, but Xero's 2015 Xerocon conference is being ...
Latest Comments
Polls
Should law enforcement be able to buy and use exploits?



   |   View results
Yes
  13%
 
No
  51%
 
Only in special circumstances
  17%
 
Yes, but with more transparency
  19%
TOTAL VOTES: 700

Vote