Microsoft is struggling to offer adequate protection for a serious IE flaw that affects earlier browser versions
Websites have been spotted exploiting an unpatched vulnerability in Internet Explorer (IE) that has been used in attacks by the same highly sophisticated group that hit Google in the famous Aurora attacks of 2009/10.
The zero-day vulnerability caused panic at the start of this month, leading Microsoft to rush out a ‘Fix It’ solution while it worked on issuing a proper patch. Unfortunately, at the end of last week, researchers from vulnerability expert Exodus Intelligence said they had easily broken the workaround for Internet Explorer.
Researchers found the vulnerability was being used in watering hole attacks, where hackers infect websites commonly frequented by their intended victims to serve up spying malware via their Internet Explorer browsers. Only versions 6 to 8 of IE are said to be affected.
This was flagged up by Jaime Blasco, head of labs at AlienVault, and his team two weeks ago when they found a watering hole campaign targeting the Council on Foreign Relations (CFR) portal in the US. They promptly sent the information to the Microsoft Security Response Centre (MSRC), which issued a Security Advisory warning users of Internet Explorer 6, 7 and 8 that they could be vulnerable to remote execution hacks. The “fix”, which Exodus then attacked, was issued later.
Malware researchers at Sophos have now discovered more sites serving up exploits that take advantage of the remote code execution flaw. One was a website for the Uyghur people of East Turkestan, who are campaigning for independence from China. The other was the site of an Iranian oil company based in Tehran, but Sophos would not give a name because the site was still carrying the infection.
UPDATE: Dustin Childs, group manager for Microsoft Trustworthy Computing, sent the following statement to TechWeekEurope: “We’ve reviewed the information from Exodus and are working on an update, which we will make available to all customers on IE6-8 as soon as it is ready for distribution. In the meantime, the current Fix It, mitigations and workarounds available in Security Advisory 2794220 fully protect against all known active attacks. We also continue to encourage customers to upgrade their browsers to IE9-10, which are not affected by this issue.”
This article appeared on TechWeekEurope.