Microsoft on Wednesday released a one-click Fix it to help protect customers from a recently-disclosed security vulnerability (CVE-2013-1347) affecting Internet Explorer 8 that was used in recent watering hole attacks that hit several sites including the website for the U.S. Department of Labor.
The Fix It is Microsoft’s short-term fix while the software giant works on an official security update to address the issue.
As part of the attack, sites were compromised and setup to serve up malware in drive-by-download attacks. In the case of the Department of Labor website compromise, if the malware successfully exploited the IE flaw, it downloaded a variant of Poison Ivy remote access Trojan (RAT) that was modified to evade detection, which at the time was detected by few antivirus scanners.
News of the fix comes shortly after the Metasploit Framework was updated with a module to exploit the vulnerability.
The Fix it is available to all customers and helps block the known attacks, and shouldn’t cause any issues when browsing the Web.
Applying the Fix it does not require a reboot, Microsoft said.
“We have updated Security Advisory 2847140 with an easy one-click Fix it to help protect Internet Explorer 8 customers,” said Dustin Childs, Group Manager, Response Communications, Microsoft Trustworthy Computing in a statement. “Customers should apply the Fix it or follow the workarounds listed in the advisory to help protect against the known attacks while we continue working on a security update.”
Microsoft reminded that Internet Explorer 6, 7, 9 and 10 are not affected by the vulnerability in question.
According to Jamie Blasco, director of AlienVault labs, the protocol used in the watering hole attacks matches a backdoor used by a known Chinese hacker called DeepPanda, who also noted the similarities in this attack and the ones earlier this year against a Thailand-based non-governmental organization.
Microsoft recommends that all customers using Internet Explorer 8 apply the Fix it to help ensure protection.
More information is available at the Microsoft Security Response Center blog, and guidance is also available for checking your browser version and upgrading at the Security Tips & Talk blog.
For more than 10 years, Mike Lennon has been closely monitoring the threat landscape and analyzing trends in the National Security and enterprise cybersecurity space. In his role at SecurityWeek, he oversees the editorial direction of the publication and is the Director of several leading security industry conferences around the world.
More from Mike Lennon
- ‘No Evidence’ of Cyberattack Related to FAA Outage, White House Says
- SecurityWeek to Host 2022 ICS Cybersecurity Conference October 24-27 in Atlanta
- Google Completes $5.4 Billion Acquisition of Mandiant
- Cybersecurity Firm ZeroFox Begins Trading on Nasdaq via SPAC Deal
- HUMAN Security and PerimeterX Merge on Mission to Combat Bots
- Last Call: CFP for ICS Cybersecurity Conference Closes July 15th
- Johnson Controls Acquires Tempered Networks to Shield Buildings From Cyberattacks
- Snowflake Launches Cybersecurity Workload to Find Threats Across Massive Data Sets
Latest News
- Fraudulent “CryptoRom” Apps Slip Through Apple and Google App Store Review Process
- US Downs Chinese Balloon Off Carolina Coast
- Microsoft: Iran Unit Behind Charlie Hebdo Hack-and-Leak Op
- Feds Say Cyberattack Caused Suicide Helpline’s Outage
- Big China Spy Balloon Moving East Over US, Pentagon Says
- Former Ubiquiti Employee Who Posed as Hacker Pleads Guilty
- Cyber Insights 2023: Venture Capital
- Atlassian Warns of Critical Jira Service Management Vulnerability
