IE Zero Day Targeted Attacks

Friday, September 21, 2012 @ 04:09 PM gHale

New versions of the exploit for the Zero Day vulnerability in Internet Explorer are targeting a number of defense and industrial companies.

“We also found a fake domain of a company that builds turbines and power sources used in several applications including utilities and power plants,” said AlienVault researcher Jaime Blasco. “We were able to check that the official website of the company has been compromised as well and it is serving the Internet Explorer Zero Day to the visitors. They’ve included an iframe to the exploit in the entry page.”

The exploit code has evolved and is now able to infect not only Windows XP but also Windows 7 32-bit running Java 6, Blasco said.

Microsoft is working on a patch for the issue and also said it will soon issue an interim fix for the exploit. “We will release a fix in the next few days to address an issue in Internet Explorer, as outlined in the Security Advisory 2757760 that we released yesterday,” the company said.

Microsoft downplayed the impact of the vulnerability. “We have received reports of only a small number of targeted attacks and are working to develop a security update to address this issue,” Yunsun Wee, director of Microsoft’s Trustworthy Computing Group, said. “We are monitoring the threat landscape very closely and if the situation changes, we will post updates on the MSRC blog and on Twitter at @MSFTSecResponse.”

Theories suggest the IE Zero Day came from the same authors behind the Java Zero Day that wreaked so much havoc so quickly just two weeks ago, because it uses the same malicious Poison Ivy payload as the Java exploit.

Microsoft’s fix is a one-click solution for any Internet Explorer user, which will not affect users’ ability to browse the web, said the company. “It will provide full protection against this issue until an update is available.”

While it works on a patch, Microsoft has published a security advisory recommending that customers also use the Enhanced Mitigation Experience Toolkit (EMET) to implement roadblocks to prevent the Zero Day exploit from working.

Also, it said users should set the Internet and local intranet security zones in Internet Explorer to “high” to block ActiveX controls and Active Scripting from running, or configure them to prompt before executing. This will affect business application performance but will keep the environment safe, Microsoft said.
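
To confirm the zone workaround described above is actually in effect on a machine, the following added example (not from the article or from Microsoft's advisory) reads the Internet Explorer zone settings from the registry and reports whether ActiveX and Active Scripting are blocked or set to prompt. The registry locations, zone numbers (1, 3) and action IDs (1200, 1400) are the documented IE zone values rather than anything quoted on this page, and the hive lookup order is a simplifying assumption.

```powershell
# Added example: audit the two URL actions the zone workaround targets.
# Zone and action IDs are the documented Internet Explorer zone registry values.
$zones   = @{ 1 = 'Local intranet'; 3 = 'Internet' }
$actions = @{ '1200' = 'Run ActiveX controls and plug-ins'; '1400' = 'Active scripting' }
$states  = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

# Checked in order; the first hive that defines the value is reported.
# Assumption: policy keys take precedence over per-user preference keys.
$suffix = 'Microsoft\Windows\CurrentVersion\Internet Settings\Zones'
$roots = @(
    "HKLM:\Software\Policies\$suffix",
    "HKCU:\Software\Policies\$suffix",
    "HKCU:\Software\$suffix"
)

function Get-ZoneActionSetting {
    param([int]$Zone, [string]$Action)
    foreach ($root in $roots) {
        $item = Get-ItemProperty -Path "$root\$Zone" -Name $Action -ErrorAction SilentlyContinue
        if ($null -ne $item) {
            return [pscustomobject]@{ Source = $root; Value = [int]$item.$Action }
        }
    }
    return $null   # value not defined in any hive we looked at
}

$report = foreach ($zone in $zones.Keys) {
    foreach ($action in $actions.Keys) {
        $s = Get-ZoneActionSetting -Zone $zone -Action $action
        $state = if ($null -eq $s) { 'Not set' }
                 elseif ($states.ContainsKey($s.Value)) { $states[$s.Value] }
                 else { 'Other (0x{0:X})' -f $s.Value }
        [pscustomobject]@{
            Zone      = $zones[$zone]
            Action    = $actions[$action]
            State     = $state
            Source    = if ($s) { $s.Source } else { '-' }
            # The workaround is met only when the action is blocked or prompts.
            Mitigated = ('Prompt', 'Disable' -contains $state)
        }
    }
}
$report | Sort-Object Zone, Action | Format-Table -AutoSize
```

Any row with `Mitigated` set to `False` is a zone where scripting or ActiveX still runs without a prompt, so the workaround is not in place for that user.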
