
SANS ISC: Targeted zero day attack being used against Internet Explorer 6, 7, and 8 - SANS Internet Storm Center SANS ISC InfoSec Forums


Targeted zero day attack being used against Internet Explorer 6, 7, and 8

Microsoft have published a security advisory for a zero day attack being used against a "targeted audience" using Internet Explorer 6, 7, and 8. This typically means corporate or business users still locked in to using these older browsers.

 
Home users running XP should be looking to use another browser as their primary method of browsing the web, and corporate security staff should review Microsoft’s recommendations to build a layered defence to protect staff.
 
Microsoft’s information on the vulnerability:
 
Microsoft Advisory 2794220:
http://technet.microsoft.com/en-us/security/advisory/2794220
 
General information and basic mitigation steps at:
http://blogs.technet.com/b/msrc/archive/2012/12/29/microsoft-releases-security-advisory-2794220.aspx
 
Useful technical information at:
http://blogs.technet.com/b/srd/archive/2012/12/29/new-vulnerability-affecting-internet-explorer-8-users.aspx
 
Here is some basic analysis from FireEye on the Council on Foreign Relations website that was compromised and hosting malicious content:
http://blog.fireeye.com/research/2012/12/council-foreign-relations-water-hole-attack-details.html
 
Thank you to Toby and another Reader for writing in with this.
 
Chris Mohan --- Internet Storm Center Handler on Duty

 


MS Fix it released for IE 0-day...
- http://technet.microsoft.com/en-us/security/advisory/2794220
Updated: Dec 31, 2012 - "... Workarounds: Apply the Microsoft Fix it solution, "MSHTML Shim Workaround", that prevents exploitation of this issue. See Microsoft Knowledge Base Article 2794220* ..."
* http://support.microsoft.com/kb/2794220#FixItForMe
Last Review: Dec 31, 2012 - Rev 1.0

Anonymous
