IE FixIt Corrects Zero Day Drive-by Download Exploit

I can think of better ways to end the year than with a last-minute zero day Internet Explorer (IE) exploit found in the wild. Yet that is exactly what happened last week. The good news is Microsoft has a quick fix.

Late last week, FireEye reported that attackers had infected the Council of Foreign Relations’ (CFR) web site with malicious code that leveraged a previously undiscovered vulnerability in IE. If you visited this site while it was booby-trapped, the drive-by download code would exploit the zero day flaw to install malware onto your computer. The attack code also checks your browser version to confirm you’re vulnerable, and only targets victims with English, Russian, Chinese, Korean, and Japanese operating systems. The code seems to contain Chinese characters, leading some to believe this is a China-based attack.

Over the weekend, Microsoft released an early advisory confirming this vulnerability. They also updated the advisory on Monday to add a FixIt workaround. According to their post, the vulnerability only affects IE 6 through 8. So if you use the latest versions of IE (9 and 10), you’re immune to the exploit. Though Microsoft hasn’t released the full details yet, the vulnerability seems to involve a “use after free” problem, which attackers can leverage to corrupt memory and force a computer to execute code of their choosing. If you use IE 6-8, I highly recommend you apply Microsoft’s IE FixIt immediately.

That said, I expect the FixIt only provides a temporary solution, and you should expect a more complete patch during one of Microsoft’s upcoming Patch Days.

— Corey Nachreiner, CISSP (@SecAdept)

About Corey Nachreiner

Corey Nachreiner has been with WatchGuard since 1999 and has since written more than a thousand concise security alerts and easily-understood educational articles for WatchGuard users. His security training videos have generated hundreds of letters of praise from thankful customers and accumulated more than 100,000 views on YouTube and Google Video. A Certified Information Systems Security Professional (CISSP), Corey speaks internationally and is often quoted by other online sources, including C|NET, eWeek, and Slashdot. Corey enjoys "modding" any technical gizmo he can get his hands on, and considers himself a hacker in the old sense of the word.

Trackbacks/Pingbacks

  1. Ring in the New Year with Seven Microsoft Patches | WatchGuard Security Center - January 3, 2013

    [...] followers might notice that a fix for the recent Internet Explorer (IE) zero day vulnerability is missing from Microsoft’s expected updates. Researchers discovered this issue very [...]

  2. WatchGuard Security Week in Review: Episode 46 – IE 0day | WatchGuard Security Center - January 4, 2013

    [...] IE zero day exploit in the wild - WGSC [...]

  3. Microsoft Black Tuesday: Updates Correct .NET and MSXML Flaws | WatchGuard Security Center - January 8, 2013

    [...] I mentioned in last week’s notification, Microsoft is not releasing a fix for the recent Internet Explorer (IE) zero day vulnerability today. They simply haven’t had time to fully craft the patch since the exploit’s first [...]

  4. Out-of-Cycle IE Patch Mends Zero Day Vulnerability | WatchGuard Security Center - January 17, 2013

    [...] a previous post, we warned you of a zero day “use after free” vulnerability that affected Internet [...]
