Wednesday, January 2, 2013

Microsoft Issues FixIt for IE 0-day Being Exploited In-the-Wild

Users that fire up older versions of Internet Explorer to surf the web may want to apply the FixIt solution that Microsoft released to help defend against attacks using a zero-day vulnerability that surfaced last week.

Microsoft stated that the remote code execution vulnerability, CVE-2012-4792, exists due to the way IE accesses an object in memory that was not properly allocated or deleted. Only Internet Explorer versions 6, 7 and 8 are said to be affected by this flaw.

The vulnerability is actively being exploited in-the-wild to conduct drive-by-download attacks.

Security firm FireEye was the first to spot the flaw after receiving reports on December 27th, 2012 that the Council on Foreign Relations (CFR) website had been compromised & was serving malware. FireEye later confirmed that the CFR website was hosting malicious content as early as Friday, December 21st; however, SophosLabs pushed the date back even further, suggesting that attacks began back on December 7th.

As if that wasn’t bad enough, Sophos warns that the vulnerability is being exploited on at least five other websites, hinting that the attacks may not be as limited as initial reports suggest.

Tips to Keep Your PC Safe


Until Microsoft releases an official patch to correct this security flaw, users are advised to:

  • Apply the easy one-click “Fix It” solution that Microsoft released; just keep in mind that this is a temporary fix until Microsoft can issue an official patch.

  • If possible, upgrade to Internet Explorer 9 (requires Vista or higher) or Internet Explorer 10 (requires Windows 8).

  • Switch to a different browser if you are unable to upgrade IE or apply the FixIt.

  • Always run antivirus software that offers real-time scanning. (Sophos & Symantec are two AV vendors that have updated their software to block attacks using this vulnerability.)

  • Use a Windows account with limited access. Microsoft’s security advisory states that attackers may inherit the same user rights as the victim, so limited privileges may limit the amount of damage done.

  • Keep your operating system & installed software current, and definitely apply the official patch when released.

  • Exercise caution when following links or suspicious URLs.

