Microsoft on Wednesday released a one-click Fix it to help protect customers from a recently-disclosed security vulnerability (CVE-2013-1347) affecting Internet Explorer 8 that was used in recent watering hole attacks that hit several sites including the website for the U.S. Department of Labor.
The Fix It is Microsoft’s short-term fix while the software giant works on an official security update to address the issue.
As part of the attack, sites were compromised and setup to serve up malware in drive-by-download attacks. In the case of the Department of Labor website compromise, if the malware successfully exploited the IE flaw, it downloaded a variant of Poison Ivy remote access Trojan (RAT) that was modified to evade detection, which at the time was detected by few antivirus scanners.
News of the fix comes shortly after the Metasploit Framework was updated with a module to exploit the vulnerability.
The Fix it is available to all customers and helps block the known attacks, and shouldn’t cause any issues when browsing the Web.
Applying the Fix it does not require a reboot, Microsoft said.
“We have updated Security Advisory 2847140 with an easy one-click Fix it to help protect Internet Explorer 8 customers,” said Dustin Childs, Group Manager, Response Communications, Microsoft Trustworthy Computing in a statement. “Customers should apply the Fix it or follow the workarounds listed in the advisory to help protect against the known attacks while we continue working on a security update.”
Microsoft reminded that Internet Explorer 6, 7, 9 and 10 are not affected by the vulnerability in question.
According to Jamie Blasco, director of AlienVault labs, the protocol used in the watering hole attacks matches a backdoor used by a known Chinese hacker called DeepPanda, who also noted the similarities in this attack and the ones earlier this year against a Thailand-based non-governmental organization.
Microsoft recommends that all customers using Internet Explorer 8 apply the Fix it to help ensure protection.
More information is available at the Microsoft Security Response Center blog, and guidance is also available for checking your browser version and upgrading at the Security Tips & Talk blog.