NEWS - September 19, 2012
by Carol~ - 9/19/12 6:28 AM
Microsoft pledges temporary fix for critical IE bug under attack
"Promise comes as 3 more attack sites are spotted exploiting the vulnerability."
Microsoft plans to release a temporary fix for a critical Internet Explorer vulnerability that attackers are exploiting to install malicious software when unsuspecting end users visit booby-trapped websites.
Microsoft's announcement on Tuesday afternoon that it will make available a temporary patch known as a Fixit in the next few days came as a security researcher spotted three more websites that have exploited the vulnerability. The sites include nod32XX.com, led-professional-symposium.org, and defensenews.in, an India-based news portal dedicated to coverage of the defense industry. The sites install the Poison Ivy and PlugX remote access trojans, which allow attackers to remotely issue commands and monitor e-mail and instant message communications on infected machines.
"It seems the guys behind this 0day were targeting specific industries," Blasco wrote in a blog post published Tuesday. "We've seen that they compromised a news site related to the defense industry and they created a fake domain related to LED technologies that can be used to perform spearphishing campaigns to those industries."
Yunsun Wee, director of Microsoft's Trustworthy Computing group, didn't address the number of sites targeting the previously undocumented flaw, but her post also suggested the attacks were targeted.
Continued: http://arstechnica.com/security/2012/09/microsoft-pledges-fix-for-critical-internet-explorer-bug/
Microsoft to close critical IE hole with a temporary Fix-it
Microsoft says IE zero-day fix on the way
Microsoft: IE Patch to be Released Soon to Plug Browser's Security Hole
See: Additional information about Internet Explorer and Security Advisory 2757760