Sunday, 30 December 2012

Internet Explorer hit by zero-day exploit, temporary fix issued

Web site for the Council on Foreign Relations was compromised and recently hit by a drive-by attack that was detected earlier this week. Hacker are suspected to be from China , who are exploiting a zero day  Internet Explorer vulnerability for Cyber Espionage attack against one of American most elite foreign policy web groups.

Poison Ivy exploits a “use-after-free vulnerability” in IE that enables a hacker to create an image URL referencing uninitialized memory. This corrupts the memory and once completely executed gives the attacker remote access with the same permissions as the current user.
Once the system compromised, hackers look for valuable information from their computers. FBI was notified of the attack and is said to be investigating. Firm also confirm that the malicious code was planted on the server using Mandarin Chinese language. In description parameter of MD5 of malicious files, they found simplified Chinese <文件说明> , that translates to <File Description>.

Microsoft is urging users of Internet Explorer to download a free security tool, enhanced Mitigation Experience Toolkit (EMET), as an interim measure against a previously unknown zero-day exploit in its web browser software that is under active malware attack by hackers.
The vulnerability affects computers running all versions of Internet Explorer from IE6 to IE9, on every single OS release since Windows XP right through to Windows 7 and Server 2008. Interestingly though, Microsoft’s IE 10 running on Windows 8 and Server 2008 are not affected according to Microsoft’s Security Advisory
Microsoft says a fix is in the works and may be released during its normal monthly update cycle, or in a separate security update, depending on customers' needs..

No comments:

Post a Comment