Threat Level: Infocon green

ISC Diary

Refresh Latest Diaries



advertisement
Diary Advertisement
Use Discount Code SANSFIREISC10 when registering to get a 10% discount!!

Targeted zero day attack being used against Internet Explorer 6, 7, and 8

Published: 2012-12-30,
Last Updated: 2013-01-01 01:04:47 UTC
by Chris Mohan (Version: 3)

1 comment(s)

Microsoft have published a security advisory for a zero day attack being used against a "targeted audience" using Internet Explorer 6, 7, and 8. This atypically means corporate or business users still locked in to using these older browsers.

Update:
 
There is now a Metasploit module (ie_cdwnbindinfo_uaf)that emulates this attack, meaning this will move in to mainstream exploitation rapidly, thus mitigation steps should be taken so soon as possible.
 
Home users running XP should be looking to use another browser as their primary method of browsing the web, and corporate security staff should review Microsoft’s recommendations to build a layered defence to protect staff.
 
Microsoft’s information on the vulnerability:
 
Update 2:
 
Microsoft have release a workaround option for some scenarios.
Updated Microsoft advisory 2794220:
http://technet.microsoft.com/en-us/security/advisory/2794220
 
Microsoft FixIt workaround:
http://support.microsoft.com/kb/2794220
 
 
Background information:
 
General information and basic mitigation steps at:
http://blogs.technet.com/b/msrc/archive/2012/12/29/microsoft-releases-security-advisory-2794220.aspx
 
Useful technical information at:
http://blogs.technet.com/b/srd/archive/2012/12/29/new-vulnerability-affecting-internet-explorer-8-users.aspx
 
Here is some basic analysis from FireEye on the Council on Foreign Relations website that was compromised  and hosting malicious content: 
http://blog.fireeye.com/research/2012/12/council-foreign-relations-water-hole-attack-details.html
 
Thank you to Toby and another Reader for writing in with this.
 
Chris Mohan --- Internet Storm Center Handler on Duty

 

Join Ashley Deuble for MGT 414: SANS® +S™ Training Program for the CISSP® Certification Exam in Brisbane, Australia

Keywords:
1 comment(s)
Top of page

Comments

Please choose a specific diary above to comment

Diary Archives

Top of page
site/port/ip search:

Get ISC Swag!!

Advertisement

Security News Feeds

InternetStormCenter
SANS Newsbites
SANS @Risk

Diary Archives

EMET 4.0 is now available for download - by: Russ McRee (2013-06-18)

Volatility rules...any questions? - by: Russ McRee (2013-06-18)

SANSFIRE 2013 - by: Daniel Wesemann (2013-06-17)

View Diary Archives

Search Diaries:

SANS Institute

View our Privacy Policy

Contact Us

Phone: (757) SANS-ISC (726-7472) - Voice Mail Only
Web Contact: handlers@isc.sans.edu
Report Bugs: Sourceforge Project
Debug Info: Browser Debug Info

"The experiences gained in the SANS Technology Institute program have helped me advance in IBM, taking a more public facing role."
- Jerome Radcliffe, SANS Technology Institute Student

"SANS is a 'giving back to the community factory.' SANS encourages and fosters growing security awareness and growing the security community."
- Rob VandenBrink, Alumni of SANS Technology Institute