CONFERENCE Cyber AI & Automation Summit - Watch Sessions
Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cybercrime

Microsoft Releases ‘Fix It’ to Address Recent IE Vulnerability Used in Watering Hole Attacks

Microsoft on Wednesday released a one-click Fix it to help protect customers from a recently-disclosed security vulnerability (CVE-2013-1347) affecting Internet Explorer 8 that was used in recent watering hole attacks that hit several sites including the website for the U.S. Department of Labor.

Microsoft on Wednesday released a one-click Fix it to help protect customers from a recently-disclosed security vulnerability (CVE-2013-1347) affecting Internet Explorer 8 that was used in recent watering hole attacks that hit several sites including the website for the U.S. Department of Labor.

The Fix It is Microsoft’s short-term fix while the software giant works on an official security update to address the issue.

As part of the attack, sites were compromised and setup to serve up malware in drive-by-download attacks. In the case of the Department of Labor website compromise, if the malware successfully exploited the IE flaw, it downloaded a variant of Poison Ivy remote access Trojan (RAT) that was modified to evade detection, which at the time was detected by few antivirus scanners.

News of the fix comes shortly after the Metasploit Framework was updated with a module to exploit the vulnerability. 

The Fix it is available to all customers and helps block the known attacks, and shouldn’t cause any issues when browsing the Web.

Applying the Fix it does not require a reboot, Microsoft said.

“We have updated Security Advisory 2847140 with an easy one-click Fix it to help protect Internet Explorer 8 customers,” said Dustin Childs, Group Manager, Response Communications, Microsoft Trustworthy Computing in a statement. “Customers should apply the Fix it or follow the workarounds listed in the advisory to help protect against the known attacks while we continue working on a security update.”

Microsoft reminded that Internet Explorer 6, 7, 9 and 10 are not affected by the vulnerability in question.

Advertisement. Scroll to continue reading.

According to Jamie Blasco, director of AlienVault labs, the protocol used in the watering hole attacks matches a backdoor used by a known Chinese hacker called DeepPanda, who also noted the similarities in this attack and the ones earlier this year against a Thailand-based non-governmental organization.

Microsoft recommends that all customers using Internet Explorer 8 apply the Fix it to help ensure protection.

More information is available at the Microsoft Security Response Center blog, and guidance is also available for checking your browser version and upgrading at the Security Tips & Talk blog.

Written By

For more than 15 years, Mike Lennon has been closely monitoring the threat landscape and analyzing trends in the National Security and enterprise cybersecurity space. In his role at SecurityWeek, he oversees the editorial direction of the publication and is founder and director of several leading cybersecurity industry conferences around the world.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Don’t miss this Live Attack demonstration to learn how hackers operate and gain the knowledge to strengthen your defenses.

Register

Join us as we share best practices for uncovering risks and determining next steps when vetting external resources, implementing solutions, and procuring post-installation support.

Register

People on the Move

Shanta Kohli has been named CMO at Sysdig.

Cloud security firm Sysdig has appointed Sergej Epp as CISO.

F5 has appointed John Maddison as Chief Product Marketing and Technology Alliances Officer.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.