Targeted zero day attack being used against Internet Explorer 6, 7, and 8

Published: 2012-12-30
Last Updated: 2013-01-01 01:04:47 UTC
by Chris Mohan (Version: 3)
1 comment(s)

Microsoft have published a security advisory for a zero day attack being used against a "targeted audience" using Internet Explorer 6, 7, and 8. This atypically means corporate or business users still locked in to using these older browsers.

There is now a Metasploit module (ie_cdwnbindinfo_uaf)that emulates this attack, meaning this will move in to mainstream exploitation rapidly, thus mitigation steps should be taken so soon as possible.
Home users running XP should be looking to use another browser as their primary method of browsing the web, and corporate security staff should review Microsoft’s recommendations to build a layered defence to protect staff.
Microsoft’s information on the vulnerability:
Update 2:
Microsoft have release a workaround option for some scenarios.
Updated Microsoft advisory 2794220:
Microsoft FixIt workaround:
Background information:
General information and basic mitigation steps at:
Useful technical information at:
Here is some basic analysis from FireEye on the Council on Foreign Relations website that was compromised  and hosting malicious content:
Thank you to Toby and another Reader for writing in with this.
Chris Mohan --- Internet Storm Center Handler on Duty


Join Ashley Deuble for MGT 414: SANS® +S™ Training Program for the CISSP® Certification Exam in Brisbane, Australia

1 comment(s)


MS Fix it released for IE 0-day...
Updated: Dec 31, 2012 - "... Workarounds: Apply the Microsoft Fix it solution, "MSHTML Shim Workaround", that prevents exploitation of this issue. See Microsoft Knowledge Base Article 2794220* ..."
Last Review: Dec 31, 2012 - Rev 1.0


Diary Archives